Search for Strings and count total occurrences

Comments

1 comment

  • Avatar
    Kevin Keech

    You will need to first parse the strings from your messages into a field and from there perform a count operation against the values found in that field. For example, given the following example messages

    2019-01-01T12:12:12.123 [WARNING] rest of message
    2019-01-01T12:12:12.123 [SUCCESS] rest of message
    2019-01-01T12:12:12.123 [WARNING] rest of message
    2019-01-01T12:12:12.123 [ERROR] rest of message

    The following query:

    | parse "[*]" as status
    | count by status

    Should result in 

    warning 2
    success 1
    error 1
    0
    Comment actions Permalink

Please sign in to leave a comment.