Unusual Exceptions

bheemeshwary · ‎09-05-2012

I want a query to find the unusual exceptions with in a span of one hour. Means it should be compared with the previous logs and determine whether it is not a regular exception or a new exception, that may cause a problem to the application. And can i automate this, which should run in regular intervals

dart · ‎09-05-2012

I see the question as how do I find exceptions that have not happened before?
There are a number of ways of doing this kind of task. I would build a lookup of all previously seen exception types and then only alert on those that we have not previously seen.

In this case, I'd possibly even keep other data about the source of the exception, such as the component or time that it occurred.

dart · ‎09-05-2012

So what I mean is schedule Splunk to build the lookup for you. Does that work? You can use the results of a search as a lookup. You can also use |inputlookup append=t name_of_your_lookup to merge in any previous results

bheemeshwary · ‎09-05-2012

Thnaks Dart,
What i mean to say is , maintaining look up for all the exceptions which are already happened is very tedious job.Any way we have the logs which are saved, My idea is compare the logs of last one hour with the last 7 or 30 days and need to find the unseen exceptions.

Unusual Exceptions

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms