Hi,
I have another requirement of displaying the classification of the run configuration like for run configuration values ="11,21,2,5,9,41,20,25" the name to be displayed is 'TAS' similarly for run configuration values=="13,19,16,18" name should be 'EDW'.
The sample search query i have made is :
index=actim* ("passed" OR "runconfiguration") | rex field=_raw "Passed: (? [0-9]+)" | rex field=_raw "runConfiguration=(? [0-9]+)"] | transaction host source maxevents=2 maxspan=60s startswith="run_config=" endswith="etc_frw_passed=" | eval runConfig= case(run_config=18,"EDW",run_config=11,"TAS") |table _time host source run_config etc_frw_passwd
but no expected result.
Please suggest.
Thanks
... View more