Hi,
Would really appreciate if someone could help me with this issue:
1. I have a Table that displays **Host** and **"Error Message"** and Count
The "Error Message" field is a shortened version of an original Log Message. The search is as follows:
(index=WebSphere OR index=Pega) (log_level=Error OR wasLogLevel=E OR wasLogLevel=R)
|eval logmessage_short=subst(logmessage,1, 146)
|stats count by host, logmessage_short
| rename count as "Number of Occurrences", host as Host, logmessage_short as "Error Message"
| sort -"Number of Occurrences"
2. I have then have specified drilldown:
> cell$row.Error Messages$
3. When a user clicks on an error message, a new dashboard panel will open showing the Raw errors
(index=WebSphere OR index=Pega) (log_level=Error OR wasLogLevel=E OR wasLogLevel=R)
|search ("*$Error_Messages$*" OR $Error_Messages|s$
**The result**
User clicks on the Error Message and in most cases the Raw Events list shows below. However, in some cases it doesn't. Although when I open the Raw events in the search it then displays raw events for the selected field.
Here is an example:
This Error Message works :
-Exception com.pega.pegarules.pub.services.ConnectorException: com.pega.pegarules.pub.PRRuntimeException: No such Directory or Folder: /data/PEGA
This Error Message doesn't work:
-PEGA-OUTBOUND_PP_007: Transfer Error during Omni Outbound Response: java.lang.Throwable at com.pegarules.generated.activity.ra_action_generate
I have no idea why the list of Raw Events wouldn't display for this error message since the search is working. Anyone has experienced anything like this before?
↧