Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk alert to get consecutive errors from logs

ritwikva
New Member
‎05-11-2015 12:26 PM

Hello Support,

I need a query to get all the errors/exception which are occuring consecutively for more than 25 times in last 3 hours? Could you help?

Thanks
Ritwik

Tags (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎05-19-2015 09:05 AM

Something like this:

sourcetype=mylogs err* OR exception | stats count by host | where count>25
0 Karma
Reply

vietlq414
Explorer
‎09-18-2019 01:32 AM

does it's true if there are some success events between error events.

0 Karma
Reply

jtrucks
Splunk Employee
Splunk Employee
‎05-11-2015 12:59 PM

Please show examples of the logs you're using - specifically show the log entries that hold the data upon which you need to search. Also, please clarify what you mean by "consecutively" in this context. Is this simply a count of > 25 times a particular error has happened within the last three hours? Is it a specific series of 25 events in a certain order?

--
Jesse Trucks
Minister of Magic
0 Karma
Reply

ritwikva
New Member
‎05-11-2015 01:44 PM

Hello Jtrucks,

Thanks for the quick reply.

Here is an example of the log entry

May 11, 2015 3:38:30 PM org.apache.axis2.transport.http.HTTPSender sendViaPost
INFO: Unable to sendViaPost to url[http://customer.xxx.com:19100/CashCRUDWebservice/endpoints]
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)

**** Error Mon May 11 3:40:00 PM 2015 /com/commerce/droplets/FetchStoreForCommItemDroplet InvalidParameterException

Here in the above log entry, I like to find out if any of the exception occurred more than 25 times in a 3 hour window.

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...