I have an alert set up that will send an email to a group of individuals when we get responses from a payer with AAA*Y**41 in it. What I would like to include is the source file this string was found in and, if possible, the Host it was found on. It's possible this could show up in 226 different files. I can't email the raw data; it contains personal health information.
Search:
index=hdx_payer source="/hdx2/was70-32/AppServer/profiles/AppSrv01/logs/PRD2_PY0/*_Receive.log" | regex "AAA\*Y\*\*41\*"
Thanks
It should be something like this:
index=hdx_payer source="/hdx2/was70-32/AppServer/profiles/AppSrv01/logs/PRD2_PY0/*_Receive.log"
| regex "AAA\*Y\*\*41\*"
| stats count(source) as COUNT by source host
This should give you a table that shows the number of hits per source file, per host.
Is this what you are looking for?
index=hdx_payer source="/hdx2/was70-32/AppServer/profiles/AppSrv01/logs/PRD2_PY0/*_Receive.log" | regex "AAA\*Y\*\*41\*" | table host, source