×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
PraveenThakur
Engager
Member since: ‎10-28-2022
‎10-28-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-28-2022
Activity Feed
View All

Re: How to add severity to fetched Errors messages

by in Splunk Search
‎10-28-2022 02:56 AM
‎10-28-2022 02:56 AM
Thanks a lot it has solved my problem ... View more

How to add severity to fetched errors messages?

by in Splunk Search
‎10-28-2022 02:35 AM
‎10-28-2022 02:35 AM
Hi All, I am trying to add severity column to output of first command, could you please let me know how to do it. Query I have created is : index=abc source=xyz | table _time ID STATUS ERROR_Name | search ERROR_Name IN ("EndDate must be after StartDate""The following is required: PersonName" ....many others) | join type=inner ID[search index=abc source=xyz STATUS IN (FATAL,SUCCESS) | table _time ID STATUS | stats latest(STATUS) as STATUS by ID | search STATUS IN (FATAL) | fields ID] | stats latest(STATUS) as STATUS by ID ERROR_Name | search STATUS IN (FATAL) | top 50 ERROR_Name | appendcols [| eval severity = case(ERROR_Name=="EndDate must be after StartDate", "One", ERROR_Name=="The following is required: PersonName", "two")] ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-28-2022 11:22 AM
Karma given to
View All