Hello, I have this new task that I'm not sure how to go about. I'm new to Splunk, so any help is really appreciated.

I want to create a dashboard that monitors all power issues that have been logged, as well as a dashboard for all remaining issues, based on the message text below:

host_name=Contoso* OR host_name=Kontoso* AND message_text="Power supply 1 has failed or been turned off" OR message_text="Power supply 1 is okay" OR message_text="Power supply 2 has failed or been turned off" OR message_text="Power supply 2 is okay" OR "Power-module 0/PS0/M1/SP failure condition cleared" OR "0/PS0/M1/SP, state: FAILED"

First off, the field "message_text" only captured four out of six messages, so these two were left out:

"Power-module 0/PS0/M1/SP failure condition cleared" OR "0/PS0/M1/SP, state: FAILED"

I tried to see if I could create a new or update message_text to include these two, but it looked like it just added it to a new field that I couldn't find when I used the same filter afterwards.

Is it here that I use the eval function to compare and remove logs that have been cleared?