Hello,
I am new to Splunk and attempting to parse and display a single line of text from a java stack trace captured in a single event.
Here is a sample of the stack trace:
com.sun.proxy.$Proxy90.executeOpCodeForXml(Unknown Source)
ca.shaw.billing.integration.core.BrmGateway.buildConnection(BrmGateway.java:61)
ca.shaw.billing.integration.core.BrmGateway.executeOpCodeForXml(BrmGateway.java:39)
ca.shaw.billing.tasks.account.overview.AccountOverviewTask.getAgingBucketsResponseFlist(AccountOverviewTask.java:93)
ca.shaw.billing.tasks.account.overview.AccountOverviewTask.getAccountOverviewInfo(AccountOverviewTask.java:64)
I have built a "top" display for all the events which find this stack trace over a given period of time using the following query:
index=brm source=/opt/brm/weblogic/Oracle/Middleware/user_projects/domains/billing_service_domain/servers/* "[STUCK] ExecuteThread" "socketRead0" | rex field=_raw "X_SHAW_TRANSACTION_ID:(?.*)"
| eval myTime=strftime(_time,"%Y-%m-%dT%H:%M:%S.%Q")
| dedup theTransaction
| top 0 myTime,theTransaction
What I am having trouble with is parsing out the line that follows a static line which is in all stack traces:
ca.shaw.billing.integration.core.BrmGateway.executeOpCodeForXml(BrmGateway.java:39)
...then add this result to the display as well.
From above, the line I would want is:
ca.shaw.billing.tasks.account.overview.AccountOverviewTask.getAgingBucketsResponseFlist(AccountOverviewTask.java:93)
Any help would be appreciated!
... View more