Hello,
I need to anonymize data at search time and count by message.
Example.
Source log file contains:
E 120327 153238.682 THREAD/CLASS - java.lang.InterruptedException A#1234
at com.applyRequests(MobileSession.java:195)
Caused by: java.lang.InterruptedException
at com.applyRequests(MobileSession.java:159)
E 120327 153239.682 THREAD/CLASS - java.lang.InterruptedException A#2345
at com.applyRequests(MobileSession.java:195)
Caused by: java.lang.InterruptedException
at com.applyRequests(MobileSession.java:159)
E 120327 153240.682 THREAD/CLASS - java.lang.AnotherException A#2345
In "splunk>search>event list" I want to see:
E 120327 153238.682 THREAD/CLASS - java.lang.InterruptedException A#XXXX
E 120327 153239.682 THREAD/CLASS - java.lang.InterruptedException A#XXXX
E 120327 153240.682 THREAD/CLASS - java.lang.AnotherException A#XXXX
In "splunk>search>table" I want to see:
message count
java.lang.InterruptedException A#XXXX 2
java.lang.AnotherException A#XXXX 1
But I still need to view the source log file with the full stack trace of the exception.
Because of this I can't anonymize data A#2345 -> A#XXXX at index time.
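The masking and counting described in the post, modelled in Python as an added example (not from the original post and not Splunk search syntax): the stored events keep their full stack traces, and the A# number is masked only when a view is built. The function names and the rule that an event starts at a line with a level letter, date and time are assumptions taken from the sample lines.

```python
import re
from collections import Counter

# Constructed sample input, copied from the log excerpt in the post.
SAMPLE_LOG = """\
E 120327 153238.682 THREAD/CLASS - java.lang.InterruptedException A#1234
at com.applyRequests(MobileSession.java:195)
Caused by: java.lang.InterruptedException
at com.applyRequests(MobileSession.java:159)
E 120327 153239.682 THREAD/CLASS - java.lang.InterruptedException A#2345
at com.applyRequests(MobileSession.java:195)
Caused by: java.lang.InterruptedException
at com.applyRequests(MobileSession.java:159)
E 120327 153240.682 THREAD/CLASS - java.lang.AnotherException A#2345
"""

# Assumption: an event header is "<level> <date> <time> <thread> - <message>".
EVENT_START = re.compile(r"^[A-Z] \d{6} \d{6}\.\d{3} ")
ACCOUNT_ID = re.compile(r"\bA#\d+")
HEADER = re.compile(r"^[A-Z] \d{6} \d{6}\.\d{3} \S+ - (?P<message>.+)$")

def split_events(text):
    """Group lines into multi-line events; stack-trace lines join the event above."""
    events = []
    for line in text.splitlines():
        if EVENT_START.match(line) or not events:
            events.append([line])
        else:
            events[-1].append(line)
    return ["\n".join(e) for e in events]

def mask(text):
    """Return a masked copy; the stored event itself is never modified."""
    return ACCOUNT_ID.sub("A#XXXX", text)

def event_list(events):
    """Event-list view: the masked header line of each event."""
    return [mask(e.split("\n", 1)[0]) for e in events]

def count_by_message(events):
    """Table view: (masked message, count) pairs, most frequent first."""
    headers = (HEADER.match(h) for h in event_list(events))
    return Counter(m.group("message") for m in headers if m).most_common()

if __name__ == "__main__":
    for message, count in count_by_message(split_events(SAMPLE_LOG)):
        print(message, count)
```

Masking applied only when a view is rendered leaves the original A# values in the stored events, so anyone who can read the raw data still sees them.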