Hello,
I am using the following search:
index="ips_snaplogic" "postsales" lvl="ERROR" | spath | rex mode=sed "s/.*{/{/"
| spath output=msg path=Detail.error.message.message
| timechart count BY msg
This is the JSON I am trying to drill into, to grab the error message that I am trying to divide the chart by.
//XXX/projects/Sales_PostSales_processPostSaleOrder_VIP_CCT:{
"Service":"Enterprise Sales",
"Date":"09/19/2017 08:44:41.466",
"Environment":"XXX",
"Debug":"Error",
"Source":"PostSalesIntegration",
"Description":"Error::processPostSaleOrder_VIP_CCT. Error occurred while trying to process the message. Failed to execute HTTP request",
"Message_Unique_Id":null,
"Message_qualifier":null,
"JMSMessageID":null,
"Detail":{
"error":{
"message":"Failed to execute HTTP request",
"reason":"Read timed out",
"resolution":"Please check the Snap properties."
}
When I use timechart, I get a visual. When I use chart, no results. Any idea why?
Thanks
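An added example, not part of the original post: a Python stand-in for the search's two extraction steps (the sed-style prefix strip and the dotted-path lookup), run over constructed multi-line events shaped like the one above, with the closing braces supplied. `strip_prefix`, `lookup` and `count_by` are hypothetical helpers that only approximate the search commands; the block shows what the path `Detail.error.message.message` and the path `Detail.error.message` each yield on that shape.

```python
import json
import re
from collections import Counter

# Constructed events: the post's event shape, shortened, with closing braces
# added. "Connection refused" / "Host unreachable" are invented for contrast.
EVENT_TEMPLATE = '''//XXX/projects/Sales_PostSales_processPostSaleOrder_VIP_CCT:{
"Debug":"Error",
"Detail":{
"error":{
"message":"%s",
"reason":"%s"
}
}
}'''
EVENTS = [
    EVENT_TEMPLATE % ("Failed to execute HTTP request", "Read timed out"),
    EVENT_TEMPLATE % ("Failed to execute HTTP request", "Read timed out"),
    EVENT_TEMPLATE % ("Connection refused", "Host unreachable"),
]

def strip_prefix(raw):
    """Mirror of s/.*{/{/ applied once to the event text."""
    # Python's '.' does not cross newlines, so on these multi-line events
    # only the project path on the first line is removed.
    return re.sub(r'.*\{', '{', raw, count=1)

def lookup(obj, path):
    """Walk a dotted path; None if a key is missing or a step hits a non-object."""
    for key in path.split('.'):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def count_by(events, path):
    """Return (count per extracted string value, events with no value at path)."""
    counts, missing = Counter(), 0
    for raw in events:
        value = lookup(json.loads(strip_prefix(raw)), path)
        if isinstance(value, str):
            counts[value] += 1
        else:
            missing += 1
    return dict(counts), missing

if __name__ == "__main__":
    for path in ("Detail.error.message", "Detail.error.message.message"):
        print(path, count_by(EVENTS, path))
```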