Splunk search for Errors associated with each host
index=_internal sourcetype="splunkd" log_level="ERROR" host!=splunk_server | stats count by host, event_message | sort - count | rename host as Host, event_message as "Error", count as Count
This search counts the ERROR-level splunkd events in the _internal index by host and error message, sorted from most to least frequent, for all Splunk hosts that send their internal logs to the indexing tier.
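Added example, not part of the original snippet: in the search command the right-hand side of host!=splunk_server is the literal string "splunk_server", so that filter keeps every host, whereas where and eval compare the two fields. The search below runs on its own with makeresults and constructed host names (constructed-idx01 and the two forwarders are assumptions for illustration) to show both behaviours side by side.

```spl
| makeresults count=3
| streamstats count AS n
| eval host=case(n==1, "constructed-idx01", n==2, "constructed-fwd01", n==3, "constructed-fwd02")
| eval splunk_server="constructed-idx01"
| eval kept_by_search=if(host!="splunk_server", "yes", "no")
| eval kept_by_where=if(host!=splunk_server, "yes", "no")
| table host, splunk_server, kept_by_search, kept_by_where
```

To leave out events whose host is the indexer that returned them, add | where host!=splunk_server after the base search instead of relying on the search-time filter.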