I have the below sample Splunk query that returns a count by Errors:
index="abc" earliest=-1h "/payment_items" "Exception"
| rex field=_raw "Exception:\s(?<Error>.*)"
| fields request_id, Error
| dedup request_id
| eval Errors=case(Error like "%invalidArgument%","InvalidArgument", Error like "%ApplicationException%", "ApplicationException", Error like "%", Error)
| stats count by Errors
| sort -count
When setting up an alert, I want to trigger it when the total count of errors (not the count by individual error) is greater than 10.
How can I achieve that? Please help ASAP.
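One way to get a single total alongside the per-error breakdown, written here as an added example rather than code from the original post: keep the `stats count by Errors` output and use `eventstats` to attach the sum of all counts to every row, then filter on that total. The index, source pattern and the `Error` capture are taken from the question; the field name `total_errors` and the threshold `10` are assumptions from the stated requirement.

```spl
index="abc" earliest=-1h "/payment_items" "Exception"
| rex field=_raw "Exception:\s(?<Error>.*)"
| fields request_id, Error
| dedup request_id
| eval Errors=case(Error like "%invalidArgument%", "InvalidArgument", Error like "%ApplicationException%", "ApplicationException", true(), Error)
| stats count by Errors
| eventstats sum(count) as total_errors
| where total_errors > 10
| sort -count
```

Because `where total_errors > 10` drops every row when the overall total is 10 or less, the saved search returns no results below the threshold; set the alert trigger condition to "Number of Results is greater than 0". The per-error rows are still present when it fires, so the alert email or ticket can include the breakdown. If only the total is needed, replace the last three lines with `| stats sum(count) as total_errors` and use the custom trigger condition `search total_errors > 10`.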