https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111291#M29162 <P>Hi,</P> <P>I've to match 3 to 4 types of different types of exception and then tag them as Type_exception.</P> <P>sample log :</P> <P>09 Sep 2013 12:25:45,222 [ExecuteThread: '22' for queue: 'default'] ERROR - Remote Exception Exceptionjava.rmi.<STRONG>RemoteException</STRONG>: EJB Exception: ; nested exception is: <BR /> java.lang.NullPointerException<BR /> Start server side stack trace:<BR /> java.rmi.RemoteException: EJB Exception: ; nested exception is: <BR /> java.lang.NullPointerException</P> <P>09 Sep 2013 18:04:00,438 [ExecuteThread: '28' for queue: 'default'] ERROR - Exception Exceptionjava.lang.<STRONG>NullPointerException</STRONG> &lt;&gt; <BR /> java.lang.NullPointerException</P> <P>09 Sep 2013 11:01:37,000 [ExecuteThread: '22' for queue: 'default'] ERROR - Exception Exceptionjava.lang.IllegalStateException: HttpSession is invalid &lt;&gt; <BR /> java.lang.<STRONG>IllegalStateException</STRONG>: HttpSession is invalid</P> <P>How to match exception like remoteexception, NullPointerException, IllegalStateException?</P> <P>There may be other exception too!.<BR /> Do we've to write separate regex for each different exception?</P> <P>Is other any other way?<BR /> Finall we're trying to plot chart showing these many different types exception occurred at different times?<BR /> Is this possible?</P> Wed, 23 Oct 2013 10:56:09 GMT prad18 2013-10-23T10:56:09Z https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111291#M29162 <P>Hi,</P> <P>I've to match 3 to 4 types of different types of exception and then tag them as Type_exception.</P> <P>sample log :</P> <P>09 Sep 2013 12:25:45,222 [ExecuteThread: '22' for queue: 'default'] ERROR - Remote Exception Exceptionjava.rmi.<STRONG>RemoteException</STRONG>: EJB Exception: ; nested exception is: <BR /> java.lang.NullPointerException<BR /> Start server side stack trace:<BR /> java.rmi.RemoteException: EJB Exception: ; nested exception is: <BR /> java.lang.NullPointerException</P> <P>09 Sep 2013 18:04:00,438 [ExecuteThread: '28' for queue: 'default'] ERROR - Exception Exceptionjava.lang.<STRONG>NullPointerException</STRONG> &lt;&gt; <BR /> java.lang.NullPointerException</P> <P>09 Sep 2013 11:01:37,000 [ExecuteThread: '22' for queue: 'default'] ERROR - Exception Exceptionjava.lang.IllegalStateException: HttpSession is invalid &lt;&gt; <BR /> java.lang.<STRONG>IllegalStateException</STRONG>: HttpSession is invalid</P> <P>How to match exception like remoteexception, NullPointerException, IllegalStateException?</P> <P>There may be other exception too!.<BR /> Do we've to write separate regex for each different exception?</P> <P>Is other any other way?<BR /> Finall we're trying to plot chart showing these many different types exception occurred at different times?<BR /> Is this possible?</P> Wed, 23 Oct 2013 10:56:09 GMT https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111291#M29162 prad18 2013-10-23T10:56:09Z https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111292#M29163 <P>Given the limited amount of events you provide, the following will extract the exceptions;</P> <P>in props.conf</P> <PRE><CODE>[your_sourcetype_here] EXTRACT-java_exceptions = Exceptionjava\.[a-z]+\.(?&lt;exception&gt;\S+) </CODE></PRE> <P>Then you can define an <CODE>eventtype</CODE> based on the following search;</P> <PRE><CODE>sourcetype=your_sourcetype exception=* </CODE></PRE> <P><A href="http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Classifyandgroupsimilarevents#Save_a_search_as_a_new_event_type">http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Classifyandgroupsimilarevents#Save_a_search_as_a_new_event_type</A></P> <P>After that you can search for <CODE>eventtype=javaexception</CODE> (or whatever you called your eventtype in the previous step).</P> <P>Hope this helps,</P> <P>K</P> Wed, 23 Oct 2013 14:24:01 GMT https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111292#M29163 kristian_kolb 2013-10-23T14:24:01Z https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111293#M29164 <P>Kristian,<BR /> I'm not expert in regular exp but can we match<BR /> 1. xx.xxx.xxx.exceptionname<BR /> 2. xxx.exceptionname<BR /> 3. xxxxx.exceptionname</P> <P>all these with single regular expression?</P> Thu, 24 Oct 2013 10:52:25 GMT https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111293#M29164 prad18 2013-10-24T10:52:25Z https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111294#M29165 <P>yes you can. </P> <P>Maybe something like;<BR /> <CODE>\s(?:[^.]+\.)+(?&lt;exception&gt;\S+)\s</CODE></P> <P>which reads; space, one or more non-dot characters followed by a dot, one or more times, followed by one or more non-space characters (this is what we extract as a field), followed by space. </P> <P>sorry for the delay in responding.</P> <P>/k</P> Tue, 29 Oct 2013 20:12:17 GMT https://community.splunk.com/t5/Splunk-Search/matching-different-types-of-exception/m-p/111294#M29165 kristian_kolb 2013-10-29T20:12:17Z