MS SQL ErrorLog has a single line with the following format: "Date Time Error: ####, Severity: ##, State: #"
I require a search to find any error with the Severity: greater than 16.
Examples which should come back:
2012-12-03 19:00:30.86 spid29s Error: 1474, Severity: 16, State: 1.
2012-12-03 19:00:30.86 spid29s Error: 1474, Severity: 18, State: 1.
2012-12-03 19:00:30.86 spid29s Error: 1474, Severity: 24, State: 1.
Examples to be ignored:
2012-12-03 19:00:32.72 Logon Error: 18456, Severity: 14, State: 38.
I'm new to Splunk searches. Should I be looking at rex for a solution here?
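An added example, not part of the original post: a Python filter for the ERRORLOG line format quoted above, extracting the fields with a regular expression and comparing the severity as a number. The threshold is treated as inclusive (severity >= 16) because the post's expected matches include a Severity: 16 line; the function names and the one constructed non-error sample line are assumptions.

```python
import re
from typing import Iterable, Iterator, NamedTuple, Optional

# Line format quoted in the post:
#   "<date> <time> <source> Error: N, Severity: N, State: N."
ERROR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2,3})\s+"
    r"(?P<source>\S+)\s+"
    r"Error: (?P<error>\d+), Severity: (?P<severity>\d+), "
    r"State: (?P<state>\d+)\.?\s*$"
)

class ErrorEvent(NamedTuple):
    timestamp: str
    source: str
    error: int
    severity: int
    state: int

def parse_error_line(line: str) -> Optional[ErrorEvent]:
    """Return the parsed fields, or None if the line is not an error header."""
    m = ERROR_LINE.match(line.strip())
    if m is None:
        return None
    return ErrorEvent(m["ts"], m["source"], int(m["error"]),
                      int(m["severity"]), int(m["state"]))

def high_severity(lines: Iterable[str], min_severity: int = 16) -> Iterator[ErrorEvent]:
    """Yield error events whose severity is at or above min_severity."""
    for line in lines:
        event = parse_error_line(line)
        # Compare as integers: as strings, "9" would sort above "16".
        if event is not None and event.severity >= min_severity:
            yield event

# Sample lines from the post, plus one constructed non-error line (the last).
SAMPLE_LOG = """\
2012-12-03 19:00:30.86 spid29s Error: 1474, Severity: 16, State: 1.
2012-12-03 19:00:30.86 spid29s Error: 1474, Severity: 18, State: 1.
2012-12-03 19:00:30.86 spid29s Error: 1474, Severity: 24, State: 1.
2012-12-03 19:00:32.72 Logon Error: 18456, Severity: 14, State: 38.
2012-12-03 19:00:32.72 Logon Login failed for user 'example'.
""".splitlines()

if __name__ == "__main__":
    for e in high_severity(SAMPLE_LOG):
        print(e.timestamp, e.source, e.error, e.severity, e.state)
```

Passing min_severity=17 gives a strict "greater than 16" filter instead.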