I have logs in Splunk which have a field named Message, as highlighted below:
Date = 2019-04-09 11:43:20,946 | Level = INFO | RequestID = (null) | ErrorCode = (null) | ErrorMessage = Records details | Alert = false | Message = Manufacture:Actia;Total Records:20;Processed Records:18;Failed Records:2
I need to extract the Manufacture name, total records, processed records and failed records values, get the count of the records, and display it in a bar chart.
Below is the query which I tried to generate the result:
index="XYZ" "Failed Records" "Manufacture:Actia" | rex field=_raw "Total Records:(?<total>\d+);Processed Records:(?<processed>\d+);Failed Records:(?<failed>\d+)" | timechart count(total) as Total, count(processed) as processed, count(failed) as Failed
I need to get the count for the records:
Total Records: 20
Processed Records: 18
Failed Records: 2
Please suggest.