index=axway* sourcetype=":messages" SENDERROUTINGID="KNPROD" |stats count by PRODUCTIONFILENAME|fields - count |rename PRODUCTIONFILENAME as FileName |join type=left FileName [search index=axway APPLICATION="CRD_3PL_TO_S4_GOODSRCPT" STATE=* | eval temp=split(FILENAME,"/")| eval count=mvcount(temp)| eval FileName=mvindex(temp,-1) |eval status=if(STATE like "%COMPLETE%" ,"Success","Failure") |stats latest(status) as status by APPLICATION FileName |stats count(eval(status="Failure")) as FailureCount by FileName APPLICATION status |replace CRD_3PL_TO_S4_GOODSRCPT
WITH "IDD_CRD_SCS_022" IN APPLICATION |rename APPLICATION as InterfaceID ] |eval Applicationstatus_MFT=if(status="_", "Failure","Success") |table InterfaceID FileName Applicationstatus_MFT |stats count(FileName) as FileVolume count(eval(Applicationstatus_MFT!="Success")) as FailFileCount by InterfaceID Applicationstatus_MFT