I have a complicated request that starts like
host=*hb* Exception OR Exception: NOT whitehat NOT org.springframework.security.web.firewall.RequestRejectedException NOT WARN NOT INFO |
for narrowing search results and getting only the exception lines, but it unexpectedly ignores log lines like
2019/07/09 07:13:53.444 [1;31m ERROR[m [ServicelayerJob] (full-Index-cronJob) Job - Caught throwable 367
java.lang.ArrayIndexOutOfBoundsException: 367
at java.util.stream.SortedOps$SizedRefSortingSink.accept(SortedOps.java:364)
...
If I change it to ... Exception OR Exception: OR ArrayIndexOutOfBoundsException ... then it works as expected. Also, the query *Exception OR Exception: with a wildcard works only on a short time range, and the job fails for the needed time range. How should I change my initial query to grab lines with ArrayIndexOutOfBoundsException and similar ones? Even a simple host=*hb* Exception OR Exception: AND NOT whitehat doesn't catch a line with ArrayIndexOutOfBoundsException.
Thanks.
Splunk version: 7.1.0