Splunk Search

why I am not able to find my string using search?

Abilan1
Path Finder

I am trying to find the string using search "com.jdedwards.system.connector.dynamic.InvalidRemoteSessionException". This string is already present in the log which is uploaded in splunk. But I wonder I can find this string which is also present in the log "com.jdedwards.system.connector.dynamic.InvalidSessionException". the only difference between that two string is only one word "Remote". is there any character limit for this?

Tags (1)
0 Karma
1 Solution

chimell
Motivator

Hi Abilan

If you indexed you log data in a sourcetype , just write your sourcetype name and follow it by these strings:

"InvalidRemoteSessionException" and "InvalidSessionException"

Run this search code

sourcetype=........ "InvalidRemoteSessionException" and "InvalidSessionException"

I think it will work

View solution in original post

0 Karma

chimell
Motivator

Hi Abilan

If you indexed you log data in a sourcetype , just write your sourcetype name and follow it by these strings:

"InvalidRemoteSessionException" and "InvalidSessionException"

Run this search code

sourcetype=........ "InvalidRemoteSessionException" and "InvalidSessionException"

I think it will work

0 Karma

chimell
Motivator

thanks good

0 Karma

Abilan1
Path Finder

Hi Chimell,

you are correct.. It also worked. I have made a custom type for my log. Include that also in the search.

Thank you so much....

Regards,
Abilan

0 Karma

sk314
Builder

did you try searching for "*InvalidRemoteSessionException*" and "*InvalidSessionException*"?

0 Karma

Abilan1
Path Finder

Thank You so much. It worked "InvalidRemoteSessionException" .. May i know why we need to include ** in prefix as well suffix?

0 Karma

sk314
Builder

I wasn't sure if you had any events with something following the keywords. So just to be safe, I included the * as the suffix.

0 Karma

Abilan1
Path Finder

Great..Thanks again!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...