Hi All,
source="/export/home/logs/access_log" | rex ".*?HTTP\/\d+\.\d+\" (?<status_code>\d+)"|chart count by status_code
This is giving me the all the HTTP codes and the corresponding counts as below
Code Count
200 5000
404 1,321
500 8,888
301 9,102
I don't want the 200 and 301 codes in my result set. For this, I tried the below logic, but never worked. It still lists the 200 and 301.
I need something like:
Code Count
404 1,321
500 8,888
source="/export/home/gpiadmin/logs/access_log" NOT (" 200 Bytes" AND " 301 Bytes" AND " 302 Bytes")|rex ".*?HTTP\/\d+\.\d+\" (?<status_code>\d+)"|chart count by status_code
Data String I am searching against:
Time Taken: 120039666 URL_STRING: /shop/dept_outfit.jsp 11.111.111.11 - - [28/Aug/2015:02:54:20 -0700] "GET /shop/dept_outfit.jsp HTTP/1.0" 200 Bytes: 56814 "-" "Mozilla/5.0 (compatible; test/1.0; http://open.test.com/dev/test)";
Please advise.
... View more