I have several of this kind:
8/2/11 2:20:57.000 PM 2011-08-02 14:20:57 Err: DeliveryPolicy:: _deliverRequest: failed to route request[42] for [TestRPC.1@G2MP2:getTestManagementURL] from peer 810607[ept] [(2008) "ECError::eNotFound"]
host=g2megw22.las.expertcity.com Options| sourcetype=egw Options| source=/opt/ec/egw/logs/egw_g2m_live_g2megw22.las.expertcity.com-1-20110802.log Options
I need to Extract :
[TestRPC.1@G2MP2:getTestManagementURL]
Than Split into a fields:
Service=TestRPC.1@G2MP2
Method=getTestManagementURL
I will present this as a histogram with timechart.
I have not been sucessful so far with rex
thanks
Here is the final result:
"failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by service and then "failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by method
I will try to combine both graphs.
Here is the final result:
"failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by service and then "failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by method
I will try to combine both graphs.