I'm fairly new to Splunk and have just learned how to use the rex/regex. I am trying to add a column in my string search to a statistics table to display the name of the workstation. This is my current string.
index=monitoring sourcetype=PEGA:WinEventLog:Application ( SourceName="RoboticLogging" OR SourceName="Application" ) ("Department=" "HRSS_STL") ("Type=" "Error") | rex "Message : (?<ex>.+.?)" | stats count by ex | rename ex as Exception |
I want to add a rex field to display another column that lists the Machine Name where the error occurs. Here is a data set it displays: https://imgur.com/a/mbQBuzT
10/30/2019 09:49:59 AM
LogName=Application
SourceName=RoboticLogging
EventCode=0
EventType=2
Type=Error
ComputerName=WTWFBW4Y.UNITOPR.UNITINT.TEST.STATEFARM.ORG
TaskCategory=%1
OpCode=Info
RecordNumber=2625907
Keywords=Classic
Message=