Hi,
I have server message logs being sent to Splunk, e.g. 1000 servers sending logs at a time. I want to find a way to list only the servers that have two types of error appearing in their message files. The two errors are not on a single line of the message file.
e.g.:
2016-04-26T13:57:25.940706-07:00 host1 mpath disk disconnected
2016-04-26T13:57:25.940706-07:00 host1 < other general messages >
----
2016-04-26T13:57:25.940706-07:00 host1 Driver Error 0x1:10
My search should pick all the servers with logs that have BOTH `disconnected` AND `Error 0x1:10` messages present. How would I combine these strings for a search? If I do an AND search, it only shows servers with both entries present on the same line.
Thanks in advance.
-SG
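The correlation the question asks for is a per-host grouping: collect which of the two patterns each host has emitted in any event, then keep hosts that have both (the same grouping a `stats ... by host` search performs in Splunk). The following is an added Python illustration of that logic over constructed sample lines, not code from the original thread; the line format, host names and timestamps are assumed for the example.

```python
import re
from collections import defaultdict

# Constructed sample events in the same "<timestamp> <host> <message>" shape
# as the question. host1 has both errors on separate lines, host2 and host3
# have only one each, host4 has both on a single line.
SAMPLE_LOGS = """\
2016-04-26T13:57:25.940706-07:00 host1 mpath disk disconnected
2016-04-26T13:57:26.100000-07:00 host1 kernel: routine status message
2016-04-26T13:57:27.000000-07:00 host1 Driver Error 0x1:10
2016-04-26T13:57:28.000000-07:00 host2 mpath disk disconnected
2016-04-26T13:57:29.000000-07:00 host3 Driver Error 0x1:10
2016-04-26T13:57:30.000000-07:00 host4 disk disconnected and Driver Error 0x1:10
"""

# The two indicators that must both be present for a host to be reported.
PATTERNS = {
    "disconnected": re.compile(r"\bdisconnected\b"),
    "error_0x1_10": re.compile(r"Error 0x1:10"),
}

# Assumed line layout: timestamp, host, then the free-text message.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")


def hosts_with_all_patterns(log_text, patterns=PATTERNS):
    """Return the sorted hosts whose events, taken together, match every pattern.

    Each event is checked independently, so the patterns may occur on
    different lines (or on the same line) for a host to qualify.
    """
    seen = defaultdict(set)  # host -> set of pattern names observed
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than mis-attributing them
        host, msg = m.group("host"), m.group("msg")
        for name, rx in patterns.items():
            if rx.search(msg):
                seen[host].add(name)
    required = set(patterns)
    return sorted(h for h, names in seen.items() if names >= required)


if __name__ == "__main__":
    print(hosts_with_all_patterns(SAMPLE_LOGS))  # → ['host1', 'host4']
```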