Splunk alert to get consecutive errors from logs
Hello Support,
I need a query to get all the errors/exceptions which are occurring consecutively more than 25 times in the last 3 hours. Could you help?
Thanks
Ritwik
woodcock
Something like this:
sourcetype=mylogs err* OR exception | stats count by host | where count>25
vietlq414
Is it true if there are some success events between error events?
Splunk Employee
Please show examples of the logs you're using - specifically show the log entries that hold the data upon which you need to search. Also, please clarify what you mean by "consecutively" in this context. Is this simply a count of > 25 times a particular error has happened within the last three hours? Is it a specific series of 25 events in a certain order?
Jesse Trucks
Minister of Magic
Hello Jtrucks,
Thanks for the quick reply.
Here is an example of the log entry:
May 11, 2015 3:38:30 PM org.apache.axis2.transport.http.HTTPSender sendViaPost
INFO: Unable to sendViaPost to url[http://customer.xxx.com:19100/CashCRUDWebservice/endpoints]
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
**** Error Mon May 11 3:40:00 PM 2015 /com/commerce/droplets/FetchStoreForCommItemDroplet InvalidParameterException
In the above log entry, I would like to find out if any of the exceptions occurred more than 25 times in a 3-hour window.
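The thread turns on the difference between more than 25 errors in total and more than 25 errors in an unbroken run; the search below is an added example of the second reading, not a query posted by any participant in this thread. It reuses `sourcetype=mylogs` and the `err* OR exception` terms from the reply above and assumes each error is indexed as a single event. The field names `is_error`, `run_length` and `longest_run` are made up for illustration.

```spl
sourcetype=mylogs earliest=-3h
| eval is_error=if(searchmatch("err* OR exception"), 1, 0)
| sort 0 host _time
| streamstats reset_on_change=true count AS run_length BY host is_error
| where is_error=1 AND run_length>25
| stats max(run_length) AS longest_run BY host
```

Because `reset_on_change=true` restarts the count whenever `host` or `is_error` changes between adjacent events, a single non-error event between two errors breaks the run. Saved as an alert, the search would fire when it returns one or more rows.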