
Indexing iPhone crash logs with Splunk

bala_user
New Member

I am trying to index iPhone crash logs with Splunk.

Here is what I was thinking.
1. Capture all the header fields as key, value pairs, till "Crashed Thread".
2. For each thread stack, I want to capture the actual backtrace addresses and store them as a field.
3. Index all the register values
4. Extract binary image name, uuid, path, arch, start-end addresses

I am comfortable doing this, but not sure if there is a better way.

When searching logs, I would like the user to enter the backtrace, or a few addresses in the backtrace, or symbols in the backtrace, and be able to parse the information and make appropriate search queries to the index db.

Is there a way I can run my code on the search string entered and build a Splunk query out of that?


Incident Identifier: B40D3CDD-A3AF-4914-95D2-5D5D4C292BA1
CrashReporter Key: fa143bf5503fbd1d873fe2c57e86620af832f301
Hardware Model: iPad2,2
Process: Top 3500 Words [866]
Path: /var/mobile/Applications/791ABCC5-1649-4E1F-85F0-0CFE8B2C8DB0/Top 3500 Words.app/Top 3500 Words
Identifier: Top 3500 Words
Version: ??? (???)
Code Type: ARM (Native)
Parent Process: launchd [1]

Date/Time: 2012-01-03 13:45:58.041 -0800
OS Version: iPhone OS 5.0.1 (9A405)
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0xbf800008
Crashed Thread: 0

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libobjc.A.dylib 0x3556cfbc objc_msgSend + 16
1 Top 3500 Words 0x000fdbe8 0xee000 + 64488
2 libobjc.A.dylib 0x3556e0be objc_rootRelease + 30
3 UIKit 0x32742f40 -[UIWindowController transitionViewDidComplete:fromView:toView:] + 1464
4 UIKit 0x326e2934 -[UITransitionView notifyDidCompleteTransition:] + 140
5 UIKit 0x326e27b8 -[UITransitionView _didCompleteTransition:] + 896
6 UIKit 0x3265c814 -[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 464
7 UIKit 0x32661fb2 -[UIViewAnimationState animationDidStop:finished:] + 46
8 QuartzCore 0x33ee5ba0 CA::Layer::run_animation_callbacks(void*) + 196
9 QuartzCore 0x33f7b402 CA::Layer::run_animation_callbacks_compat(double, void*) + 78
10 QuartzCore 0x33ee54c4 _ZN2CAL14timer_callbackEP16__CFRunLoopTimerPv + 140
11 CoreFoundation 0x3412ba5c __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 8
12 CoreFoundation 0x3412b6c2 __CFRunLoopDoTimer + 358
13 CoreFoundation 0x3412a298 __CFRunLoopRun + 1200
14 CoreFoundation 0x340ad4d6 CFRunLoopRunSpecific + 294
15 CoreFoundation 0x340ad39e CFRunLoopRunInMode + 98
16 GraphicsServices 0x30998fc6 GSEventRunModal + 150
17 UIKit 0x3267573c UIApplicationMain + 1084
18 Top 3500 Words 0x000efc0a 0xee000 + 7178
19 Top 3500 Words 0x000efbd4 0xee000 + 7124

Thread 1 name: Dispatch queue: com.apple.libdispatch-manager
Thread 1:
0 libsystem_kernel.dylib 0x36bbe3b4 kevent + 24
1 libdispatch.dylib 0x33154f74 _dispatch_mgr_invoke + 708
2 libdispatch.dylib 0x33154c92 _dispatch_mgr_thread + 30

Thread 2:
0 libsystem_kernel.dylib 0x36bcecd4 __workq_kernreturn + 8
1 libsystem_c.dylib 0x32cf430a _pthread_wqthread + 610
2 libsystem_c.dylib 0x32cf409c start_wqthread + 0

Thread 3 name: WebThread
Thread 3:
0 libsystem_kernel.dylib 0x36bbe010 mach_msg_trap + 20
1 libsystem_kernel.dylib 0x36bbe206 mach_msg + 50
2 CoreFoundation 0x3412b41c __CFRunLoopServiceMachPort + 120
3 CoreFoundation 0x3412a154 __CFRunLoopRun + 876
4 CoreFoundation 0x340ad4d6 CFRunLoopRunSpecific + 294
5 CoreFoundation 0x340ad39e CFRunLoopRunInMode + 98
6 WebCore 0x335de128 _ZL12RunWebThreadPv + 396
7 libsystem_c.dylib 0x32cf9c16 _pthread_start + 314
8 libsystem_c.dylib 0x32cf9ad0 thread_start + 0

Thread 4:
0 libsystem_kernel.dylib 0x36bcecd4 __workq_kernreturn + 8
1 libsystem_c.dylib 0x32cf430a _pthread_wqthread + 610
2 libsystem_c.dylib 0x32cf409c start_wqthread + 0

Thread 0 crashed with ARM Thread State:
r0: 0x1120efc0 r1: 0x36f3d09c r2: 0x00000001 r3: 0x000000b0
r4: 0xbf800000 r5: 0x36f3d09c r6: 0x0022a190 r7: 0x2feebc6c
r8: 0x0022a190 r9: 0x0dbcf427 r10: 0x00000001 r11: 0x0024d610
ip: 0x3ed3f328 sp: 0x2feebc54 lr: 0x000fdbef pc: 0x3556cfbc
cpsr: 0x000f0030

Binary Images:
0xee000 - 0x103fff +Top 3500 Words armv7 /var/mobile/Applications/791ABCC5-1649-4E1F-85F0-0CFE8B2C8DB0/Top 3500 Words.app/Top 3500 Words
0x2feed000 - 0x2ff0ed57 dyld armv7 /usr/lib/dyld
0x303ae000 - 0x303baff0 libCRFSuite.dylib armv7 /usr/lib/libCRFSuite.dylib
0x303bb000 - 0x303fbffd libGLImage.dylib armv7 <9440420d838a382caa175399d74a5044> /System/Library/Frameworks/OpenGLES.framework/libGLImage.dylib
0x303fc000 - 0x3047bffd libsqlite3.dylib armv7 /usr/lib/libsqlite3.dylib
0x304b2000 - 0x3066efff ImageIO armv7 /System/Library/Frameworks/ImageIO.framework/ImageIO
0x307c9000 - 0x307c9fff vecLib armv7 <106ef8294b0d3c2d89e9230527846227> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/vecLib
0x307d6000 - 0x307ddfff ProtocolBuffer armv7 <6ca7dca9370132a2a592356bf9f2170b> /System/Library/PrivateFrameworks/ProtocolBuffer.framework/ProtocolBuffer
0x307e2000 - 0x307f1fff SpringBoardServices armv7 <79f1564c1b23303eb3b7db67f9375228> /System/Library/PrivateFrameworks/SpringBoardServices.framework/SpringBoardServices
0x307f8000 - 0x30955ffe libmecabra.dylib armv7 <170c82a3c716372abe7ae0aae96d4805> /usr/lib/libmecabra.dylib
0x30980000 - 0x30991fff DataAccessExpress armv7 <6bc443b0f87e338698cac9e5a96e8f8f> /System/Library/PrivateFrameworks/DataAccessExpress.framework/DataAccessExpress
0x30992000 - 0x30994ffe MobileInstallation armv7 <4ccf76f0e6cb3cd7b4e0087c2f284a1d> /System/Library/PrivateFrameworks/MobileInstallation.framework/MobileInstallation
0x30995000 - 0x309a0fff GraphicsServices armv7 <4ec745ffb2e039faab4b39a30268f707> /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices
0x30aae000 - 0x30ab4fff liblaunch.dylib armv7 <09f21c3e774c30b1aab1b56c2d6efbc3> /usr/lib/system/liblaunch.dylib
0x30af4000 - 0x30af4fff libCVMSPluginSupport.dylib armv7 <85582e1094633fccb52b50ca13c5a5d0> /System/Library/Frameworks/OpenGLES.framework/libCVMSPluginSupport.dylib
0x30af5000 - 0x30b58ffb IMCore armv7 /System/Library/PrivateFrameworks/IMCore.framework/IMCore
0x30c4e000 - 0x30cf8fff libBLAS.dylib armv7 <9aabff01422f3cb8960f93d11d2b6de1> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libBLAS.dylib
0x30cf9000 - 0x30d29ffe ContentIndex armv7 /System/Library/PrivateFrameworks/ContentIndex.framework/ContentIndex
0x30d44000 - 0x30d79fff DataAccess armv7 <432578d415dd3398b3487f003b3100ac> /System/Library/PrivateFrameworks/DataAccess.framework/DataAccess
0x30d7c000 - 0x30dbffff libcommonCrypto.dylib armv7 /usr/lib/system/libcommonCrypto.dylib
0x30dc0000 - 0x30de3ff7 Bom armv7 <0e6087f75a81345ea81751197ccb712c> /System/Library/PrivateFrameworks/Bom.framework/Bom
0x30f70000 - 0x30f77ff7 libc++abi.dylib armv7 /usr/lib/libc++abi.dylib
0x30f86000 - 0x30f9dfff WebBookmarks armv7 /System/Library/PrivateFrameworks/WebBookmarks.framework/WebBookmarks
0x30fb0000 - 0x30fb1ffe DataMigration armv7 /System/Library/PrivateFrameworks/DataMigration.framework/DataMigration
0x30fb2000 - 0x3108cff6 vImage armv7 <42a5e58ff1b9350cad90de36bd3ceb09> /System/Library/Frameworks/Accelerate.framework/Frameworks/vImage.framework/vImage
0x311cd000 - 0x311eaff7 libsystem_info.dylib armv7 <1e36ab94661c372bab5a801d68c79353> /usr/lib/system/libsystem_info.dylib
0x31224000 - 0x3147eff7 MediaToolbox armv7 /System/Library/PrivateFrameworks/MediaToolbox.framework/MediaToolbox
0x31491000 - 0x31497fff libnotify.dylib armv7 <1e374857ac68370095ddbafe94f021a1> /usr/lib/system/libnotify.dylib
0x31564000 - 0x31564ffe libkeymgr.dylib armv7 <791bb8b832943b2392c0c35228f52e09> /usr/lib/system/libkeymgr.dylib
0x3156c000 - 0x3157bff7 OpenGLES armv7 <6d1afb451f50310895ec59864739e781> /System/Library/Frameworks/OpenGLES.framework/OpenGLES
0x316ef000 - 0x31700ff3 libxpc.dylib armv7 <7d49e385ee5d3e7eb08d06525abd6435> /usr/lib/system/libxpc.dylib
0x31701000 - 0x317adff6 MediaControlSender armv7 <4c0982b21ecf35aead8e0bef55d842b0> /System/Library/PrivateFrameworks/MediaControlSender.framework/MediaControlSender
0x317ae000 - 0x317b1ff8 libcompiler_rt.dylib armv7 <414332f9a55238bab2cbec323e0fc8da> /usr/lib/system/libcompiler_rt.dylib
0x317b2000 - 0x317fdffe CoreLocation armv7 /System/Library/Frameworks/CoreLocation.framework/CoreLocation
0x319f8000 - 0x319fffff AssetsLibraryServices armv7 /System/Library/PrivateFrameworks/AssetsLibraryServices.framework/AssetsLibraryServices
0x31b35000 - 0x31b55fff libxslt.1.dylib armv7 /usr/lib/libxslt.1.dylib
0x31b64000 - 0x31bfcfff EventKit armv7 /System/Library/Frameworks/EventKit.framework/EventKit
0x31ce4000 - 0x31d20ff7 iCalendar armv7 <59d80290d8733df8a6310da65b497fc9> /System/Library/PrivateFrameworks/iCalendar.framework/iCalendar
0x31d27000 - 0x31d2bfff FTClientServices armv7 <8f823e791c9e37b4b47323bb0286e86c> /System/Library/PrivateFrameworks/FTClientServices.framework/FTClientServices
0x31d94000 - 0x31d9fff7 AccountSettings armv7 <090bb6a4f97433089b5cabc6a40c619a> /System/Library/PrivateFrameworks/AccountSettings.framework/AccountSettings
0x31da0000 - 0x31dafffc MobileDeviceLink armv7 <09c637a85e3d3af488e59ced95a5a916> /System/Library/PrivateFrameworks/MobileDeviceLink.framework/MobileDeviceLink
0x32644000 - 0x32addfff UIKit armv7 <97b527cd6fba35c6bb39263e0f362223> /System/Library/Frameworks/UIKit.framework/UIKit
0x32b18000 - 0x32c96fff Foundation armv7 /System/Library/Frameworks/Foundation.framework/Foundation
0x32cd4000 - 0x32ce9fff libresolv.9.dylib armv7 <97d6ebbb53ae3e0480f51771c9665613> /usr/lib/libresolv.9.dylib
0x32cea000 - 0x32d77ff3 libsystem_c.dylib armv7 <1707c3cf3c5b3045af4bed38ff8420a6> /usr/lib/system/libsystem_c.dylib
0x32d81000 - 0x32dcaff9 ManagedConfiguration armv7 <05711081dd883c58a844c5f9c251e8c9> /System/Library/PrivateFrameworks/ManagedConfiguration.framework/ManagedConfiguration
0x32f1e000 - 0x32fccffb Message armv7 <0d844e0108b1301bb08a74df3e3589b5> /System/Library/PrivateFrameworks/Message.framework/Message
0x32fe1000 - 0x33004ffd MobileSync armv7 /System/Library/PrivateFrameworks/MobileSync.framework/MobileSync
0x33005000 - 0x33009fff CertUI armv7 <9d24f62513913888b2ac55f1db27b908> /System/Library/PrivateFrameworks/CertUI.framework/CertUI
0x33107000 - 0x33150ff3 AddressBook armv7 <0a858565acd03f28a1bc69a650b64a7b> /System/Library/Frameworks/AddressBook.framework/AddressBook
0x33151000 - 0x33167fff libdispatch.dylib armv7 /usr/lib/system/libdispatch.dylib
0x331b3000 - 0x331b6ffe CaptiveNetwork armv7 /System/Library/PrivateFrameworks/CaptiveNetwork.framework/CaptiveNetwork
0x331b7000 - 0x331b9ffd libCoreVMClient.dylib armv7 <6ddb7cf8a93830628787a5b83eea0f1d> /System/Library/Frameworks/OpenGLES.framework/libCoreVMClient.dylib
0x3328e000 - 0x33296ffe MobileWiFi armv7 /System/Library/PrivateFrameworks/MobileWiFi.framework/MobileWiFi
0x33297000 - 0x332bcff9 OpenCL armv7 /System/Library/PrivateFrameworks/OpenCL.framework/OpenCL
0x33360000 - 0x33383ff7 PrintKit armv7 <279fb51deec3377ab9f820af2da4d915> /System/Library/PrivateFrameworks/PrintKit.framework/PrintKit
0x33536000 - 0x33cedffb WebCore armv7 <7137e0ea008f3a3e8ae9e57f96d34d1d> /System/Library/PrivateFrameworks/WebCore.framework/WebCore
0x33d3b000 - 0x33d6efff MIME armv7 <0c29ae0826c53ebbaf9424b389016b68> /System/Library/PrivateFrameworks/MIME.framework/MIME
0x33d6f000 - 0x33d82fff Notes armv7 /System/Library/PrivateFrameworks/Notes.framework/Notes
0x33dfa000 - 0x33dfdfff libsystem_network.dylib armv7 /usr/lib/system/libsystem_network.dylib
0x33dfe000 - 0x33e02ffd IOSurface armv7 <0f003f50b18e3dbf87607d819e0ac6b9> /System/Library/PrivateFrameworks/IOSurface.framework/IOSurface
0x33e03000 - 0x33eb0ff7 libxml2.2.dylib armv7 <78462273eb5b38d1a0873b02f0e35e23> /usr/lib/libxml2.2.dylib
0x33eba000 - 0x33faaff3 QuartzCore armv7 /System/Library/Frameworks/QuartzCore.framework/QuartzCore
0x33fab000 - 0x33facffd CoreSurface armv7 /System/Library/PrivateFrameworks/CoreSurface.framework/CoreSurface
0x3407b000 - 0x34085ff7 libbz2.1.0.dylib armv7 <28583efb9f1b38e7ae83c667b07dbd08> /usr/lib/libbz2.1.0.dylib
0x3409e000 - 0x341b5ff9 CoreFoundation armv7 /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
0x341b6000 - 0x341c0ffb libvMisc.dylib armv7 /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libvMisc.dylib
0x341c5000 - 0x341d9ffb PersistentConnection armv7 <81eb1b3e08cf3d7196313307ad60649d> /System/Library/PrivateFrameworks/PersistentConnection.framework/PersistentConnection
0x341da000 - 0x341f0ff7 DictionaryServices armv7 <5bbab664f97932a79a1566fda3a4383e> /System/Library/PrivateFrameworks/DictionaryServices.framework/DictionaryServices
0x34719000 - 0x3471afff libremovefile.dylib armv7 <9c8cee9652453241ac1fc99eab05c40a> /usr/lib/system/libremovefile.dylib
0x34764000 - 0x34769ffe CrashReporterSupport armv7 /System/Library/PrivateFrameworks/CrashReporterSupport.framework/CrashReporterSupport
0x3483c000 - 0x34849ff7 libbsm.0.dylib armv7 /usr/lib/libbsm.0.dylib
0x3485b000 - 0x3485fffc libcache.dylib armv7 <4511f0ec5b713636aaade7245a12553c> /usr/lib/system/libcache.dylib
0x34860000 - 0x34866ffe MobileKeyBag armv7 /System/Library/PrivateFrameworks/MobileKeyBag.framework/MobileKeyBag
0x3486e000 - 0x34b2ffff libLAPACK.dylib armv7 <5490a87fe5153771b9c67940292842ba> /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libLAPACK.dylib
0x34b30000 - 0x34b34ffe libAccessibility.dylib armv7 /usr/lib/libAccessibility.dylib
0x34b37000 - 0x34b46ff2 GenerationalStorage armv7 /System/Library/PrivateFrameworks/GenerationalStorage.framework/GenerationalStorage
0x34b5e000 - 0x34b61fff ActorKit armv7 <8c167170891238b3940f9f54105b6eb9> /System/Library/PrivateFrameworks/ActorKit.framework/ActorKit
0x34b67000 - 0x34ba4fff FTServices armv7 /System/Library/PrivateFrameworks/FTServices.framework/FTServices
0x34cb2000 - 0x34cb8fff MobileIcons armv7 <2f4c13053206306996726629b0b7eb01> /System/Library/PrivateFrameworks/MobileIcons.framework/MobileIcons
0x34ccd000 - 0x34d09ff7 AppSupport armv7 /System/Library/PrivateFrameworks/AppSupport.framework/AppSupport
0x34d14000 - 0x34d18fff libGFXShared.dylib armv7 <0a36fb9d60a43479943bafb2f81313b1> /System/Library/Frameworks/OpenGLES.framework/libGFXShared.dylib
0x34d2f000 - 0x35273ff5 FaceCoreLight armv7 /System/Library/PrivateFrameworks/FaceCoreLight.framework/FaceCoreLight
0x3527f000 - 0x35280fff libdyld.dylib armv7 /usr/lib/system/libdyld.dylib
0x35285000 - 0x35285fff Accelerate armv7 /System/Library/Frameworks/Accelerate.framework/Accelerate
0x352aa000 - 0x352f4ff3 libvDSP.dylib armv7 /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libvDSP.dylib
0x352f5000 - 0x352f6fff libsystem_blocks.dylib armv7 <4bb9797771d037879bec814fe750d86d> /usr/lib/system/libsystem_blocks.dylib
0x35340000 - 0x35391ff6 libstdc++.6.dylib armv7 /usr/lib/libstdc++.6.dylib
0x353db000 - 0x354abffc WebKit armv7 <74661b1bf4613aafb827bfe0134ed92b> /System/Library/PrivateFrameworks/WebKit.framework/WebKit
0x354ae000 - 0x354e9ff7 libCGFreetype.A.dylib armv7 <753daf497ca736739a30126661a522f1> /System/Library/Frameworks/CoreGraphics.framework/Resources/libCGFreetype.A.dylib
0x354ee000 - 0x354f7fff libMobileGestalt.dylib armv7 /usr/lib/libMobileGestalt.dylib
0x354f8000 - 0x35568ff6 CoreImage armv7 /System/Library/Frameworks/CoreImage.framework/CoreImage
0x35569000 - 0x3562fd43 libobjc.A.dylib armv7 /usr/lib/libobjc.A.dylib
0x35630000 - 0x35636ff3 liblockdown.dylib armv7 /usr/lib/liblockdown.dylib
0x35637000 - 0x3569bffb MessageUI armv7 /System/Library/Frameworks/MessageUI.framework/MessageUI
0x356a9000 - 0x356f2ff0 libc++.1.dylib armv7 /usr/lib/libc++.1.dylib
0x35ab6000 - 0x35b2ffff ProofReader armv7 <09d057676f6837cd9e7a735444b67e77> /System/Library/PrivateFrameworks/ProofReader.framework/ProofReader
0x35b30000 - 0x35b6fff3 QuickLook armv7 /System/Library/Frameworks/QuickLook.framework/QuickLook
0x35c68000 - 0x35c94fff libtidy.A.dylib armv7 /usr/lib/libtidy.A.dylib
0x35da9000 - 0x35da9fff libunwind.dylib armv7 /usr/lib/system/libunwind.dylib
0x35dfa000 - 0x35e31fff Security armv7 /System/Library/Frameworks/Security.framework/Security
0x35e32000 - 0x35e6bffb VideoToolbox armv7 <49f9f09f23f7396b94a29bb1280759fe> /System/Library/PrivateFrameworks/VideoToolbox.framework/VideoToolbox
0x35e6c000 - 0x35fb1fff CoreGraphics armv7 <641fb6e558f239588a8bd05dbefff99a> /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics
0x35fb2000 - 0x3614a60f CoreData armv7 /System/Library/Frameworks/CoreData.framework/CoreData
0x36186000 - 0x3618bffc libsystem_dnssd.dylib armv7 <4d8b38f1cb603f0d8af78c56c485f05a> /usr/lib/system/libsystem_dnssd.dylib
0x361be000 - 0x36241ffc CoreMotion armv7 /System/Library/Frameworks/CoreMotion.framework/CoreMotion
0x36244000 - 0x36249ffe ApplePushService armv7 <2e620a6e8ee8387ba2771cfd7870c90e> /System/Library/PrivateFrameworks/ApplePushService.framework/ApplePushService
0x36315000 - 0x3634aff7 SystemConfiguration armv7 <753be0ebdcb13b24b1a4adcdc94d6bd9> /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration
0x3634b000 - 0x363f1fff AddressBookUI armv7 /System/Library/Frameworks/AddressBookUI.framework/AddressBookUI
0x363f2000 - 0x363f3fff libdnsinfo.dylib armv7 /usr/lib/system/libdnsinfo.dylib
0x3641b000 - 0x3643afff libSystem.B.dylib armv7 <31a0ffbb18bf3a28b46fd286733e7d9f> /usr/lib/libSystem.B.dylib
0x3643b000 - 0x36529ffa libiconv.2.dylib armv7 <6e858938edb93162ba8cf25702f08b16> /usr/lib/libiconv.2.dylib
0x3652a000 - 0x36540ff3 libmis.dylib armv7 /usr/lib/libmis.dylib
0x36549000 - 0x36555fff libz.1.dylib armv7 /usr/lib/libz.1.dylib
0x365ba000 - 0x365bdffd libmacho.dylib armv7 <3237bc9c109e3354bc4b38b957243f31> /usr/lib/system/libmacho.dylib
0x365c1000 - 0x365daff7 libRIP.A.dylib armv7 /System/Library/Frameworks/CoreGraphics.framework/Resources/libRIP.A.dylib
0x365df000 - 0x365e3ffe AggregateDictionary armv7 /System/Library/PrivateFrameworks/AggregateDictionary.framework/AggregateDictionary
0x36722000 - 0x3677dfff StoreServices armv7 <1463a9f90fbd3d349544cf016e1ddd46> /System/Library/PrivateFrameworks/StoreServices.framework/StoreServices
0x3677e000 - 0x367c3fff GeoServices armv7 <6c9eb6372f723a57852cfc9ed7b78e31> /System/Library/PrivateFrameworks/GeoServices.framework/GeoServices
0x368ad000 - 0x368b0ffc CoreTime armv7 /System/Library/PrivateFrameworks/CoreTime.framework/CoreTime
0x368b3000 - 0x36904fff CoreText armv7 <23150093d39b393e9bc5f8230176df47> /System/Library/Frameworks/CoreText.framework/CoreText
0x36b77000 - 0x36bbbffb MobileCoreServices armv7 <9a79a2d389ba35389a30782ed01c46dd> /System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices
0x36bbd000 - 0x36bd3ffd libsystem_kernel.dylib armv7 /usr/lib/system/libsystem_kernel.dylib
0x36bfd000 - 0x36bfefff libsystem_sandbox.dylib armv7 /usr/lib/system/libsystem_sandbox.dylib
0x36c2d000 - 0x36f9effb TextInput armv7 <64d1227219b03c51ba4854ec2f79c335> /System/Library/PrivateFrameworks/TextInput.framework/TextInput
0x370bb000 - 0x370c2fff MailServices armv7 /System/Library/PrivateFrameworks/MailServices.framework/MailServices
0x370df000 - 0x37128ffa CoreMedia armv7 /System/Library/Frameworks/CoreMedia.framework/CoreMedia
0x3748e000 - 0x3766bff7 AudioToolbox armv7 /System/Library/Frameworks/AudioToolbox.framework/AudioToolbox
0x3767a000 - 0x37690ff5 EAP8021X armv7 <16801802d86e3c479f3034034192faed> /System/Library/PrivateFrameworks/EAP8021X.framework/EAP8021X
0x3769b000 - 0x376a7fff CoreVideo armv7 <474c89eb09fe3464851a20d76052341b> /System/Library/Frameworks/CoreVideo.framework/CoreVideo
0x376a8000 - 0x376a8fff libgcc_s.1.dylib armv7 <69d8dab7388b33d38b30708fd6b6a340> /usr/lib/libgcc_s.1.dylib
0x377d7000 - 0x378aeff1 CFNetwork armv7 <6fbc9f187eaa30009780e70288c9f289> /System/Library/Frameworks/CFNetwork.framework/CFNetwork
0x378d4000 - 0x37a1dff1 libicucore.A.dylib armv7 <1bc960f75d633190a09b093209a9f0c5> /usr/lib/libicucore.A.dylib
0x37b2e000 - 0x37b78fff CoreTelephony armv7 <1f4cacb552533c948122cb180f4192b3> /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony
0x37b79000 - 0x37bb6fff IOKit armv7 /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x37c2f000 - 0x37d53ff3 JavaScriptCore armv7 <24ff2747b3973aecb9c37960eba5ff4d> /System/Library/PrivateFrameworks/JavaScriptCore.framework/JavaScriptCore
0x37ec0000 - 0x37f89fff Celestial armv7 /System/Library/PrivateFrameworks/Celestial.framework/Celestial
0x37f96000 - 0x37f9bff7 libcopyfile.dylib armv7 <9072462f28af3665875b3ecaba002c00> /usr/lib/system/libcopyfile.dylib
0x37f9c000 - 0x37fa0ffd IOMobileFramebuffer armv7 /System/Library/PrivateFrameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer
0x37fe6000 - 0x38022fff IMFoundation armv7 /System/Library/PrivateFrameworks/IMCore.framework/Frameworks/IMFoundation.framework/IMFoundation
0x38023000 - 0x3807afff CoreAudio armv7 <2e4975a2156e328585f2a478e80704fc> /System/Library/Frameworks/CoreAudio.framework/CoreAudio
0x38087000 - 0x3808bfff Marco armv7 <526949ce76323de09ee69812383c2953> /System/Library/PrivateFrameworks/Marco.framework/Marco
0x3808c000 - 0x380b5ff7 AppleAccount armv7 /System/Library/PrivateFrameworks/AppleAccount.framework/AppleAccount
0x380dc000 - 0x380dcffd liblangid.dylib armv7 <342170169bf232a0888912f5ef97112d> /usr/lib/liblangid.dylib

0 Karma
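
The four extraction steps listed in the question, as an added example (not the poster's code and not a Splunk feature): a Python parser for the report layout shown above, which also rewrites each frame address as an image-relative offset using the Binary Images table. The function names and dictionary keys are chosen here for illustration.

```python
import re

# Excerpt of the crash report above, cut down to a few lines per section.
SAMPLE = """\
Hardware Model: iPad2,2
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Crashed Thread: 0

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libobjc.A.dylib 0x3556cfbc objc_msgSend + 16
1 Top 3500 Words 0x000fdbe8 0xee000 + 64488
17 UIKit 0x3267573c UIApplicationMain + 1084

Thread 0 crashed with ARM Thread State:
ip: 0x3ed3f328 sp: 0x2feebc54 lr: 0x000fdbef pc: 0x3556cfbc

Binary Images:
0xee000 - 0x103fff +Top 3500 Words armv7 /var/mobile/Applications/791ABCC5-1649-4E1F-85F0-0CFE8B2C8DB0/Top 3500 Words.app/Top 3500 Words
0x32644000 - 0x32addfff UIKit armv7 <97b527cd6fba35c6bb39263e0f362223> /System/Library/Frameworks/UIKit.framework/UIKit
0x35569000 - 0x3562fd43 libobjc.A.dylib armv7 /usr/lib/libobjc.A.dylib
"""

THREAD = re.compile(r"^Thread (\d+)( Crashed)?:$")
FRAME = re.compile(r"^(\d+)\s+(.+?)\s+(0x[0-9a-f]+)\s+(.*)$")
REG = re.compile(r"(\w+):\s+(0x[0-9a-f]+)")
IMAGE = re.compile(r"^(0x[0-9a-f]+) - (0x[0-9a-f]+)\s+\+?(.+?)\s+(arm\w*)\s+"
                   r"(?:<([0-9a-f]+)>\s+)?(/.*)$")

def parse_crash_report(text):
    """Split one report into header fields, per-thread frames, registers, images."""
    rep = {"header": {}, "threads": {}, "crashed": None, "registers": {}, "images": []}
    section, tid = "header", None
    for line in (l.strip() for l in text.splitlines()):
        m = THREAD.match(line)
        if m:                                   # "Thread N:" or "Thread N Crashed:"
            section, tid = "thread", int(m.group(1))
            rep["threads"][tid] = []
            if m.group(2):
                rep["crashed"] = tid
        elif line.endswith("Thread State:"):
            section = "registers"
        elif line == "Binary Images:":
            section = "images"
        elif section == "header" and ":" in line and not line.startswith("Thread "):
            key, _, value = line.partition(":")  # split on the first colon only
            rep["header"][key.strip()] = value.strip()
        elif section == "thread" and (m := FRAME.match(line)):
            rep["threads"][tid].append({"frame": int(m.group(1)), "image": m.group(2),
                                        "addr": int(m.group(3), 16), "symbol": m.group(4)})
        elif section == "registers":
            rep["registers"].update(REG.findall(line))
        elif section == "images" and (m := IMAGE.match(line)):
            rep["images"].append({"start": int(m.group(1), 16), "end": int(m.group(2), 16),
                                  "name": m.group(3), "arch": m.group(4),
                                  "uuid": m.group(5), "path": m.group(6)})  # uuid may be None
    return rep

def add_image_offsets(rep):
    """Tag each frame with image+offset, which does not change with the load address."""
    for frames in rep["threads"].values():
        for f in frames:
            for img in rep["images"]:
                if img["start"] <= f["addr"] <= img["end"]:
                    f["rel"] = "%s+0x%x" % (img["name"], f["addr"] - img["start"])
                    break
    return rep

REPORT = add_image_offsets(parse_crash_report(SAMPLE))
```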

gkanapathy
Splunk Employee

This seems fine, and it seems to me you should simply set things up so that each dump log is a single event in Splunk. Then as for your users, it's automatic, or pretty much what Splunk does in the simplest of cases: they type in key words (or wildcards, or field=value searches) and Splunk will return events (i.e. 1 crash log) that match. Is the use case more complex than this?

0 Karma
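
For the question's last point, building a search from whatever the user pastes, here is an added example (not from either poster and not a Splunk API): a Python helper that copies only hex addresses and plain C symbol names into the search string, so quotes, pipes and other text in the input never reach the query. The index name `ios_crash` and the function name are assumptions.

```python
import re

# Tokens allowed into the query: hex addresses, and identifiers written as "name + offset".
ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{1,16}\b")
SYMBOL = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]{2,127}) \+ \d+")
INDEX_NAME = re.compile(r"[A-Za-z0-9_-]+")
MAX_TERMS = 20  # cap on the number of search terms taken from one paste


def build_search(user_text, index="ios_crash"):
    """Turn pasted backtrace text into a Splunk search string.

    Only tokens matching ADDRESS or SYMBOL are copied into the query, each as a
    quoted term; everything else in the input is dropped. Objective-C and C++
    frame names contain brackets or parentheses and are not matched by SYMBOL.
    `index` is a hypothetical index name set by the application, not by the user.
    """
    if not INDEX_NAME.fullmatch(index):
        raise ValueError("invalid index name")
    terms = []
    for token in ADDRESS.findall(user_text) + SYMBOL.findall(user_text):
        if token not in terms:          # keep first occurrence, preserve order
            terms.append(token)
    if not terms:
        raise ValueError("no backtrace addresses or symbols found in input")
    quoted = " ".join('"%s"' % t for t in terms[:MAX_TERMS])
    return "index=%s %s" % (index, quoted)


# Constructed input: two frames copied from the crash report above.
PASTED = ("0 libobjc.A.dylib 0x3556cfbc objc_msgSend + 16\n"
          "1 Top 3500 Words 0x000fdbe8 0xee000 + 64488")
QUERY = build_search(PASTED)
```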