How to extract word from the splunk logs

aditsss · ‎03-24-2021

Hi Everyone,

How can I extract the below word from the splunk(Null Pointer Exception) logs:

2021-03-19T06:53:54.98455654Z app_name=data-graph-acct environment=e1 ns=sidh-datagraph3 pod_container=data-graph-acct pod_name=data-graph-acct-deployment-257-4w2f5 stream=stdout message=Caused by: java.lang.NullPointerException: null

2021-03-19T06:53:54.984026525Z app_name=data-graph-acct environment=e1 ns=sidh-datagraph3 pod_container=data-graph-acct pod_name=data-graph-acct-deployment-257-4w2f5 stream=stdout message=org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException

2021-03-19T06:53:54.983956753Z app_name=data-graph-acct environment=e1 ns=sidh-datagraph3 pod_container=data-graph-acct pod_name=data-graph-acct-deployment-257-4w2f5 stream=stdout message=2021-03-18 23:53:54.983 ERROR [dgfaccountnode,bb8854c76341f426,bb8854c76341f426,true] 67 --- [nio-8443-exec-9] c.a.s.d.a.filter.AccountNodeFilter : dgfAccountNodeException=Request processing failed; nested exception is java.lang.NullPointerException

Can someone guide me how to extract NullPointerException word from splunk logs

scelikok · ‎03-24-2021

Hi @aditsss,

If you want to get the error reason you can try below regex;

| rex "java\.lang\.(?<error>[^\s:]+)"

If this reply helps you an upvote and "Accept as Solution" is appreciated.

gcusello · ‎03-24-2021

Hi @aditsss,

let me understand what you mean with "extract word":

do you want to search events where there's this word or do you want to put it in a field?

if the first it's immediate, you have only to insert the "NullPointerException" word in your main search.

If instead you want to extract a field containing this word, you have to use a simple regex

| rex "(?<your_field>NullPointerException)

and you'll have a new field containing ths word.

ciao.

Giuseppe

aditsss · ‎03-24-2021

@gcusello @scelikok

I want to show the complete Error Message for the below logs

2021-03-19T06:53:54.98455654Z app_name=data-graph-acct environment=e1 ns=sidh-datagraph3 pod_container=data-graph-acct pod_name=data-graph-acct-deployment-257-4w2f5 stream=stdout message=Caused by: java.lang.NullPointerException: null

2021-03-19T06:53:54.984026525Z app_name=data-graph-acct environment=e1 ns=sidh-datagraph3 pod_container=data-graph-acct pod_name=data-graph-acct-deployment-257-4w2f5 stream=stdout message=org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException

2021-03-19T06:53:54.983956753Z app_name=data-graph-acct environment=e1 ns=sidh-datagraph3 pod_container=data-graph-acct pod_name=data-graph-acct-deployment-257-4w2f5 stream=stdout message=2021-03-18 23:53:54.983 ERROR [dgfaccountnode,bb8854c76341f426,bb8854c76341f426,true] 67 --- [nio-8443-exec-9] c.a.s.d.a.filter.AccountNodeFilter : dgfAccountNodeException=Request processing failed; nested exception is java.lang.NullPointerException

The one keyword is NullPointerException.

How can I show the complete Error Message

gcusello · ‎03-24-2021

Hi @aditsss,

please try the below regex:

| rex "message\=(?<message>.*NullPointerException)"

Ciao.

Giuseppe

How to extract word from the splunk logs

chart

drilldown

simple XML

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms