Hi,
if I have some logs like this:
ID DATE _RAW
1 10/06/2015 text .. ERROR text...
2 10/06/2015 text .. ERROR text...
3 10/06/2015 text .. INFO text...
4 10/06/2015 text .. WARN text...
With that, I would like to find the right command to give me something like this:
ID | ERROR | INFO | WARN
1 | 1 | 0 | 0
2 | 1 | 0 | 0
3 | 0 | 1 | 0
4 | 0 | 0 | 1
So that it counts the number of ERROR, INFO, WARN for each ID. My main problem is that there is no field that detects the type of the event (ERROR, INFO, WARN), so I have to match it in the _raw field. I guess I have to use some regex but I can't find the right combination.
Can someone help me?
Thanks
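
One way to build the table asked for above, as an added example that is not part of the original post and assumes the search runs in Splunk: `rex` pulls the level keyword out of `_raw` into a field, and `chart` pivots the counts per ID. The first three lines only construct sample events matching the ones in the question, and the field name `level` is chosen here for illustration.

```spl
| makeresults count=4
| streamstats count AS ID
| eval _raw=case(ID<=2, "text .. ERROR text...", ID=3, "text .. INFO text...", ID=4, "text .. WARN text...")
| rex field=_raw "\b(?<level>ERROR|INFO|WARN)\b"
| chart count over ID by level
| fillnull value=0
```

Events whose `_raw` contains none of the three keywords get no `level` value and are left out of the chart, and `rex` keeps only the first keyword it matches in each event.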