Hello, I am pretty new to splunk and not having much knowledge. Please help me
Problem Statement:
I have 3 log statements
log.info( "Connecting ..." );
log.info( "Connect or create consumer failed with exception", connectException );
log.info( "Retry connecting in {}ms ...", 1000 );
For every 10 mins 1 want to display connection status. How would I do that? I tried below and it's not working
Connecting ... | timechart count(message) by message usenull=f useother=f
Thanks in advance
Try
Connecting OR "Connect or create consumer failed with exception" OR "Retry connecting in"
| timechart span=10min first(message) as message
Try
Connecting OR "Connect or create consumer failed with exception" OR "Retry connecting in"
| timechart span=10min first(message) as message
@hcheang Thanks