How to use the NOT operator for combination of two words.
In my log I need to eliminate the errors by considering the combination of the words.
"2013.02.12-03:11:40.818(PST)|sessionid1----|messageid1|clientid1|messageName1|severname1:instance1|exception1 : nullpointer1 exception in the request"
2013.02.12-03:11:40.819(PST)|sessionid2----|messageid2|clientid2|messageName2|severname2:instance2|exception2 : nullpointer2 exception in the request"
2013.02.12-03:11:40.818(PST)|sessionid----|messageid|clientid|messageName|severname:instance|exception : nullpointer exception in the request"
2013.02.12-03:11:40.830(PST)|sessionid3----|messageid3|clientid3|messageName3|severname3:instance3|exception3 : nullpointer3 exception in the request"
I need to eliminate the log statements which come with nullpointers and the messageNames.
I have written the query as:
source="error_log" host=severname NOT ("messageName1 AND nullpointer1") OR NOT ("messageName2 AND nullpointer2") OR NOT ("messageName3 AND nullpointer3")
If I use this query in Splunk, sometimes I am able to view the logs which I need to eliminate.
Could anyone please help me: is there anything wrong in my query? Please let me know the best optimisation.
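Added example (not part of the original post, and not Splunk's own evaluator): a small Python model of the boolean logic in the query above, run over the four sample events from the post. It assumes simplified case-insensitive whole-token matching, treats a double-quoted string as one literal phrase, and leaves out the source and host filters; the function names are hypothetical.

```python
import re

# Sample events copied from the post (surrounding quotes dropped).
EVENTS = [
    "2013.02.12-03:11:40.818(PST)|sessionid1----|messageid1|clientid1|messageName1|severname1:instance1|exception1 : nullpointer1 exception in the request",
    "2013.02.12-03:11:40.819(PST)|sessionid2----|messageid2|clientid2|messageName2|severname2:instance2|exception2 : nullpointer2 exception in the request",
    "2013.02.12-03:11:40.818(PST)|sessionid----|messageid|clientid|messageName|severname:instance|exception : nullpointer exception in the request",
    "2013.02.12-03:11:40.830(PST)|sessionid3----|messageid3|clientid3|messageName3|severname3:instance3|exception3 : nullpointer3 exception in the request",
]
# The word pairs whose co-occurrence should exclude an event.
PAIRS = [("messageName1", "nullpointer1"),
         ("messageName2", "nullpointer2"),
         ("messageName3", "nullpointer3")]

def terms(event):
    # Assumption: simplified model of term matching (lower-cased word tokens).
    return set(re.findall(r"\w+", event.lower()))

def has_pair(event, pair):
    t = terms(event)
    return all(word.lower() in t for word in pair)

def original_filter(event):
    # NOT ("a AND b") OR NOT ("c AND d") OR NOT ("e AND f")
    # Inside double quotes, AND is an ordinary word of a literal phrase.
    text = event.lower()
    return any(f"{m} AND {n}".lower() not in text for m, n in PAIRS)

def or_of_nots(event):
    # Quotes removed, OR kept: NOT (a AND b) OR NOT (c AND d) OR NOT (e AND f)
    # An event is dropped only if it contains all three pairs at once.
    return any(not has_pair(event, p) for p in PAIRS)

def not_of_ors(event):
    # NOT ((a AND b) OR (c AND d) OR (e AND f))
    # An event is dropped as soon as it contains any one pair.
    return not any(has_pair(event, p) for p in PAIRS)

def kept(predicate):
    # Indexes of the sample events that survive the filter.
    return [i for i, e in enumerate(EVENTS) if predicate(e)]

if __name__ == "__main__":
    for f in (original_filter, or_of_nots, not_of_ors):
        print(f.__name__, kept(f))
```

In search syntax the last form corresponds to `NOT ((messageName1 AND nullpointer1) OR (messageName2 AND nullpointer2) OR (messageName3 AND nullpointer3))`, which is the only one of the three that removes the numbered events and keeps the unnumbered one.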