Alerting

How to configure my email alert to exclude results?

super_virus
New Member

Hi ,

I have set up alerting on Java exceptions:

My search string:

index=myapp_logs source=/opt/man/myapp/myapp.log exception=java*

The above search emails us when a threshold for no of exceptions is met.

I need Spunk to exclude some specific exceptions, Spunk should ignore these multiple exceptions.

java.test.IllegArgumentException
java.test.IllegArgumentException
javat.persistence.testException

How do i get this done?

0 Karma
1 Solution

gokadroid
Motivator

Can you not try to modify the initial search to exclude the strings that you do not require as a start, something like:

index=myapp_logs source=/opt/man/myapp/myapp.log exception=java* NOT ( exception=java*IllegArgumentException OR exception=javat.persistence.testException)

OR if you do some multivalued extractions from where these exception strings are extracted then close the SPL with | search exception!=java*IllegArgumentException and so on.

View solution in original post

gokadroid
Motivator

Can you not try to modify the initial search to exclude the strings that you do not require as a start, something like:

index=myapp_logs source=/opt/man/myapp/myapp.log exception=java* NOT ( exception=java*IllegArgumentException OR exception=javat.persistence.testException)

OR if you do some multivalued extractions from where these exception strings are extracted then close the SPL with | search exception!=java*IllegArgumentException and so on.

super_virus
New Member

Thanks ! this works.

0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...