Hello Iguinn,
Thanks a lot for the answer. However, there is no field called message, and a sample of the errors is seen below:
[Sat Jun 2 10:5:46 2014] -e: No Pre-Fill Match. CID: 7c640e59b8e66be3c7061bd60d42c81b, EID: personalbandr, RID: 01_27_07, VAL: 0
host = abc source = /var/log/apache/error.log sourcetype = apache_error
6/2/14
5:05:46.000 PM
[Sat Jun 21 10:05:46 2014] -e: No Pre-Fill Match. CID: 7c640e59b8e66be3c7061bd60
host = abc source = /var/log/apache/error.log sourcetype = apache_error
Is there any other way in which we can create an alert?
Splunk version is 6.1.1