- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- matching different types of exception
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
matching different types of exception
Hi,
I've to match 3 to 4 types of different types of exception and then tag them as Type_exception.
sample log :
09 Sep 2013 12:25:45,222 [ExecuteThread: '22' for queue: 'default'] ERROR - Remote Exception Exceptionjava.rmi.RemoteException: EJB Exception: ; nested exception is:
java.lang.NullPointerException
Start server side stack trace:
java.rmi.RemoteException: EJB Exception: ; nested exception is:
java.lang.NullPointerException
09 Sep 2013 18:04:00,438 [ExecuteThread: '28' for queue: 'default'] ERROR - Exception Exceptionjava.lang.NullPointerException <>
java.lang.NullPointerException
09 Sep 2013 11:01:37,000 [ExecuteThread: '22' for queue: 'default'] ERROR - Exception Exceptionjava.lang.IllegalStateException: HttpSession is invalid <>
java.lang.IllegalStateException: HttpSession is invalid
How to match exception like remoteexception, NullPointerException, IllegalStateException?
There may be other exception too!.
Do we've to write separate regex for each different exception?
Is other any other way?
Finall we're trying to plot chart showing these many different types exception occurred at different times?
Is this possible?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Given the limited amount of events you provide, the following will extract the exceptions;
in props.conf
[your_sourcetype_here]
EXTRACT-java_exceptions = Exceptionjava\.[a-z]+\.(?<exception>\S+)
Then you can define an eventtype based on the following search;
sourcetype=your_sourcetype exception=*
After that you can search for eventtype=javaexception (or whatever you called your eventtype in the previous step).
Hope this helps,
K
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes you can.
Maybe something like;
\s(?:[^.]+\.)+(?<exception>\S+)\s
which reads; space, one or more non-dot characters followed by a dot, one or more times, followed by one or more non-space characters (this is what we extract as a field), followed by space.
sorry for the delay in responding.
/k
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kristian,
I'm not expert in regular exp but can we match
1. xx.xxx.xxx.exceptionname
2. xxx.exceptionname
3. xxxxx.exceptionname
all these with single regular expression?
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
