In order to search for the error records, I use :
ns=app1 Service='trigger1' Id!='temp-100' | Search ErrorResponse
Here I get an event like:
timestamp ns=app1 [ErrorResponse] Service='trigger1' id=105 ActNo=1234
Now I have to fetch this ActNo field and search with only ActNo=1234. It will list many events and in those I have to look for a field appId = 'New1'. If New1, I have to add it to a counter1 else counter2.
Thank you!
↧
