Getting Data In

Exception logging by time

ruffson
New Member

Hey Guys,

I'm having problems analyzing log files, which are printing out exceptions, traces and exceptions that are an outcome of the first exception.

So there are many lines caused by one exception which are presenting both other exceptions, caused by the first exception, and their traces.

Here is an example:

876 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException
877 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:92)
938 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
...
958 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at java.lang.Thread.run(Thread.java:619)
959 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: de.ct.commons.exception.BaseException: java.lang.reflect.InvocationTargetException
961 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:90)
962 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     ... 81 more
963 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: java.lang.reflect.InvocationTargetException
...
969 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.cmd.HybrisCommandProcessor.execute(HybrisCommandProcessor.java:72)
970 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 82 more
971 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 | Caused by: de.ct.commons.exception.ObjectNotFoundException: No category found with code men_flannel
972 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.getHYCategory(CategoryServiceImpl.java:78)
973 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.loadItemByCode(CategoryServiceImpl.java:33)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException
976 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | SEVERE: Error Rendering View[/pages/productoverview.xhtml]
978 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getObject(TagAttribute.java:235)
979 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getBoolean(TagAttribute.java:79)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException

So as you can see on the time stamp, this is one event caused by an exception and causing other exceptions (from 00:00:50.261 - 00:00:50.262) . What I want to do with splunk now is to get the exceptions (without their trace obviously) and list them, so I can analyze which of them occur with what frequency.

I tried it with findtypes, typelearner, field extracter etc. but nothing would help me to find similar exceptions, group and list them so that I can work with the data.

Can someone help me? Thank you very much!

Kind regards

0 Karma

woodcock
Esteemed Legend

You need the cluster command; try this:

sourcetype=MySourceType exception | cluster showcount=t | table cluster_count _raw | sort -cluster_count
0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...