I'm trying to work with a bunch of system logs that are either ERROR or INFO logs. Each has a unique id # that is specific to a certain package.
I'm trying to figure out a way to count how many of these unique id #s are only present in INFO logs, meaning that there were no issues associated with that id #.
There are multiple logs associated with each ID#, so if that id# is in 5 INFO logs but 1 ERROR log, it shouldn't be counted. But if it's in only 1 INFO log, that should be counted.
I'm a novice with Splunk and I need to figure this out for my internship ASAP, so all help is appreciated.
Thanks!
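
The counting rule described in the question, worked through as an added example (not part of the original post and not Splunk's own code): group events by ID, tally INFO and ERROR per ID, and keep only the IDs with at least one INFO and zero ERROR events. The `level=... id=...` line layout, the sample events and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events. The "level=<LEVEL> id=<ID>" layout is an
# assumption for this example, not the poster's real log format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z level=INFO id=1001 msg="package received"
2024-05-01T10:00:02Z level=INFO id=1001 msg="package scanned"
2024-05-01T10:00:03Z level=INFO id=1001 msg="package sorted"
2024-05-01T10:00:04Z level=INFO id=1001 msg="package loaded"
2024-05-01T10:00:05Z level=ERROR id=1001 msg="delivery failed"
2024-05-01T10:00:06Z level=INFO id=1001 msg="package returned"
2024-05-01T10:01:00Z level=INFO id=1002 msg="package received"
2024-05-01T10:02:00Z level=ERROR id=1003 msg="label unreadable"
2024-05-01T10:03:00Z level=INFO id=1004 msg="package received"
2024-05-01T10:03:30Z level=INFO id=1004 msg="package delivered"
2024-05-01T10:04:00Z level=DEBUG id=1005 msg="heartbeat"
"""

# Only INFO and ERROR events take part in the decision; anything else is skipped.
LINE_RE = re.compile(r"\blevel=(?P<level>INFO|ERROR)\b.*?\bid=(?P<id>\S+)")


def levels_by_id(lines):
    """Return {id: {"INFO": n, "ERROR": m}} for every ID seen in the lines."""
    counts = defaultdict(lambda: {"INFO": 0, "ERROR": 0})
    for line in lines:
        match = LINE_RE.search(line)
        if match is None:
            continue  # not an INFO/ERROR event, or no id field on the line
        counts[match["id"]][match["level"]] += 1
    return counts


def info_only_ids(lines):
    """IDs that appear in at least one INFO event and in no ERROR event."""
    return sorted(
        pkg_id
        for pkg_id, c in levels_by_id(lines).items()
        if c["INFO"] > 0 and c["ERROR"] == 0
    )


if __name__ == "__main__":
    clean = info_only_ids(SAMPLE_LOGS.splitlines())
    print(f"{len(clean)} IDs appear only in INFO logs: {clean}")
```

In Splunk the same shape is a `stats` aggregation grouped by the ID field, followed by a `where` that keeps rows whose ERROR count is zero, and a final `stats count`.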