Hi:
Take a look at this ESXi log
`2015-11-09T21:53:54.589Z cpu28:37021)MCE: 231: cpu28: bank7: MCA recoverable error (CE): "Memory Controller Read Error on Channel 0."`
Using regex, I've extracted `cpu28:37021)` as field `CPU` and `MCE: 231: cpu28: bank7: MCA recoverable error (CE): "Memory Controller Read Error on Channel 0."` as CPU_Message.
Now, I want to create a report that looks for the keywords MCE or MCA in the CPU_Message field. Doing wildcards won't work because there could be other words that contain mca or mce in them. I want to be alerted on any MCA or MCE errors specifically.
I've built this search
`sourcetype=vmware:esxlog* | where like(CPU_Message, MCE) OR like(CPU_Message, MCA) | table host CPU CPU_Message`
Will this accomplish what I want to do?
Thanks in advance!
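
The whole-word requirement described in the post, as an added example that is not part of the original post: it splits lines into the `CPU` and `CPU_Message` fields and compares word-boundary matching with naive substring matching. Only the first sample line comes from the post; the other lines, the regexes and the function names are constructed for illustration.

```python
import re

# Sample lines in the ESXi format quoted in the post. Only the first line is
# from the post; the remaining three are constructed for this example.
SAMPLE_LINES = [
    '2015-11-09T21:53:54.589Z cpu28:37021)MCE: 231: cpu28: bank7: MCA recoverable error (CE): "Memory Controller Read Error on Channel 0."',
    '2015-11-09T21:54:01.102Z cpu3:33120)ScsiDeviceIO: 2338: Cmd(0x412e80) to dev "naa.600" failed',
    '2015-11-09T21:54:07.440Z cpu12:35001)MCAST: 88: multicast filter updated for port 0x2000004',
    '2015-11-09T21:54:09.915Z cpu5:34410)WARNING: MCA: 402: cpu5: uncorrectable error on bank 4',
]

# Split "<timestamp> cpuN:id)<message>" into the two fields named in the post.
LINE_RE = re.compile(r'^\S+\s+(?P<CPU>cpu\d+:\d+\))(?P<CPU_Message>.*)$')

# \b anchors on word boundaries, so MCE/MCA match only as standalone tokens
# ("MCAST" does not match). Case-sensitive, as the tags appear in upper case.
MC_RE = re.compile(r'\b(?:MCE|MCA)\b')


def extract_fields(line):
    """Return {'CPU': ..., 'CPU_Message': ...} or None if the line does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def machine_check_events(lines):
    """Keep only lines whose CPU_Message contains MCE or MCA as a whole word."""
    hits = []
    for line in lines:
        fields = extract_fields(line)
        if fields and MC_RE.search(fields["CPU_Message"]):
            hits.append(fields)
    return hits


def substring_hits(lines):
    """Naive case-insensitive substring match, for contrast: it over-matches."""
    return [l for l in lines if "mca" in l.lower() or "mce" in l.lower()]


if __name__ == "__main__":
    for event in machine_check_events(SAMPLE_LINES):
        print(event["CPU"], event["CPU_Message"])
    print("substring matches:", len(substring_hits(SAMPLE_LINES)))
```

The same pattern carries over to SPL's `regex` command or the `match()` eval function, both of which take a PCRE-style regular expression.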