Hi guys, I need help with a Splunk query. The boss wants me to have a total of all different types of errors.

When I run this query:

index = css-dev error = "*"

it gives the logs where for each log there is an error field present. The error field has 5 values: access_denied, invalid_request, invalid_token, server_error, unauthorised_client.

In addition to this "error" field, there are some other errors which I also want to capture, but they are added by developers using log. These errors are:

1. runtime error: attempt to get length of a boolean value
2. Authentication error : WRONGPASS invalid username-password pair
3. Error while sending 2 (size = 1KB) traces to the DD agent

These 3 errors are not included in the "error" field, so when I run the query index = css-dev error="*", I cannot find them.

What I want is a query that includes the errors already present in the "error" field (access_denied, invalid_request, invalid_token, server_error, unauthorised_client), and also dynamically adds any new error added by the developer. Is it possible?
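One way to get a single count across both kinds of error, as an added example that is not part of the original post: keep the extracted "error" field when it exists and otherwise pull the free-text message out of the raw event. The field names log_error and error_type and the extraction regex are assumptions made for this sketch; it also assumes the developer messages appear in _raw on one line and contain the word "error".

```spl
index=css-dev (error=* OR "error")
| rex field=_raw "(?i)(?<log_error>(?:\w+ )?error\b[^\r\n\"]*)"
| eval log_error=trim(replace(log_error, "\d+", "N"))
| eval error_type=coalesce(error, log_error)
| where isnotnull(error_type)
| stats count by error_type
| sort - count
| addcoltotals labelfield=error_type label="Total"
```

Replacing digits with N groups messages that differ only in a number (such as the trace count and size in the third message) under one error_type, and any new message containing "error" shows up as a new row without changing the query.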