How Can i just get the message alert in mail showing only the failed job example "Job=[ADM-FILENET-DLY]] " instead of the complete log. Note: The Job names are dynamic
My Current Alert Query :
index=* host=*MYhost* "*IN-RCMCO-DLY*" OR "*ADJ-RECERT-DLY*" OR *AD*-*Y*" FAILED job_status2=FAILED OR status=FAILED OR status1=FAILED OR ExitCode=FAILED | rex field=_raw ".*status:\s\[(?P<status1>\S+)\]" | rex field=_raw "JOB\s(?P<job_status2>\w+)" |rex field=_raw "(exitCode=)(?<ExitCode>\w+)"
| eval _raw=substr(_raw, 1, 1500)
| table _time job_status2 status1 status ExitCode _raw
log
22-08-28 18:01:31,323 INFO [main] c.l.b.listener.JobCompletionListener: :::::::::::::::BATCH JOB FAILED:::::::::::JobExecution: id=21099, version=1, startTime=Sun Aug 28 18:01:29 CDT 2022, endTime=Sun Aug 28 18:01:31 CDT 2022, lastUpdated=Sun Aug 28 18:01:29 CDT 2022, status=FAILED, exitStatus=exitCode=FAILED;exitDescription=com.ltss.fw.exception.ApplicationException: Error occured while processing appDocument: In catch block, exception stackTrace,job=[JobInstance: id=21099, version=0, Job=[ADM-FILENET-DLY]], jobParameters=[{chunkSize=null, skipLimit=null, commitInterval=null, time=1661727689449, asOfDate=1661662800000}]
... View more