Solved: How to dynamically search logs with terms like "er...

rajgowd1 · ‎12-07-2016

HI,
i have logs written by Tomcat application
i have a table which displays time, environment, applicationame, and log info details. These are displayed based on drop-down values.

but if i want to search for particular search term like error, exception, out of memory, oserror and more, I need to pass these search terms dynamically. is there a query we can write for this?

sundareshr · ‎12-07-2016

You need to use tokens in your SPL to filter based on user entry. Here's some documentation to get you started

http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/tokens#Define_tokens_for_form_inputs

View solution in original post

sundareshr · ‎12-07-2016

You need to use tokens in your SPL to filter based on user entry. Here's some documentation to get you started

http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/tokens#Define_tokens_for_form_inputs

rajgowd1 · ‎12-07-2016

Thank you,i am going through the document.

some how i am not seeing Accept button.any idea on this. or
is there any issue from my side

rajgowd1 · ‎12-07-2016

Yes,i see it now. and i just implemented Token in SPL and its working now.
may i know what is the issue with Accept button

sundareshr · ‎12-08-2016

At first, I had posted as a comment. Comments don't have accept. Then I changed to answer.

rajgowd1 · ‎12-08-2016

Hi,
will i get both error info and events i search like below

index=myindex java.lang.stringindexoutofboundsexception OR out of memory

rajgowd1 · ‎12-08-2016

i think this is working,i just tested

index=myindex java.lang.stringindexoutofboundsexception OR (out of memory)

sundareshr · ‎12-07-2016

You should see the accept button now.

How to dynamically search logs with terms like "error" or "exception"?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms