can some one suggest a query to send the unique errorcode count.
Example enter image description here 2006
in between the tags(in place of 2006) different codes are printed i need to query to pull all the unique error codes
Asked
Active
Viewed 745 times
1 Answers
1
You can use the rex command to extract the desired values. It will look something like this:
your_initial_query
| rex field=_raw "<com:errorCode>(?<code>.*)<\/com:errorCode>"
| stats count by code
The second line tells rex to extract everything between the errorCode tags and save that to a field called code. You can then use the stats command to count the number of times a code is seen.
pjnike
- 181
- 6