Exception logging by time

ruffson
New Member

Hey Guys,

I'm having problems analyzing log files, which are printing out exceptions, traces and exceptions that are an outcome of the first exception.

So there are many lines caused by one exception which are presenting both other exceptions, caused by the first exception, and their traces.

Here is an example:

876 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException
877 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:92)
938 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
...
958 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at java.lang.Thread.run(Thread.java:619)
959 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: de.ct.commons.exception.BaseException: java.lang.reflect.InvocationTargetException
961 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:90)
962 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     ... 81 more
963 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: java.lang.reflect.InvocationTargetException
...
969 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.cmd.HybrisCommandProcessor.execute(HybrisCommandProcessor.java:72)
970 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 82 more
971 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 | Caused by: de.ct.commons.exception.ObjectNotFoundException: No category found with code men_flannel
972 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.getHYCategory(CategoryServiceImpl.java:78)
973 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.loadItemByCode(CategoryServiceImpl.java:33)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException
976 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | SEVERE: Error Rendering View[/pages/productoverview.xhtml]
978 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getObject(TagAttribute.java:235)
979 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getBoolean(TagAttribute.java:79)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException

So as you can see on the time stamp, this is one event caused by an exception and causing other exceptions (from 00:00:50.261 - 00:00:50.262). What I want to do with Splunk now is to get the exceptions (without their trace obviously) and list them, so I can analyze which of them occur with what frequency.

I tried it with findtypes, typelearner, field extractor etc. but nothing would help me to find similar exceptions, group and list them so that I can work with the data.

Can someone help me? Thank you very much!

Kind regards

0 Karma

woodcock
Esteemed Legend

You need the cluster command; try this:

sourcetype=MySourceType exception | cluster showcount=t | table cluster_count _raw | sort -cluster_count
0 Karma
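
The grouping the question asks for, as an added Python example that is not part of either post and runs outside Splunk: it drops stack frames and "... N more" lines, counts each exception class, and counts the last "Caused by:" of each chain as the root cause. The names HEADER, headers, count_exceptions and root_causes are hypothetical, and the pipe-delimited layout is assumed from the posted sample.

```python
import re
from collections import Counter

# Lines copied from the sample in the question (posted line numbers kept).
SAMPLE = """\
876 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException
877 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:92)
959 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: de.ct.commons.exception.BaseException: java.lang.reflect.InvocationTargetException
962 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     ... 81 more
963 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: java.lang.reflect.InvocationTargetException
971 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 | Caused by: de.ct.commons.exception.ObjectNotFoundException: No category found with code men_flannel
972 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.getHYCategory(CategoryServiceImpl.java:78)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException
976 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | SEVERE: Error Rendering View[/pages/productoverview.xhtml]
""".splitlines()

# Header = optional "Caused by: ", dotted class ending in Exception/Error, optional detail.
HEADER = re.compile(r"^(Caused by: )?((?:\w+\.)+\w*(?:Exception|Error))(?::\s*(.*))?$")

def headers(lines):
    """Yield (is_cause, class_name, detail) per exception header, None for other messages."""
    for line in lines:
        parts = line.split("|", 4)  # level | jvm | thread | timestamp | message
        if len(parts) < 5:
            continue  # not a wrapper-formatted line
        msg = parts[4].strip()
        if msg.startswith(("at ", "... ")):
            continue  # stack frame or "... N more": part of the trace, not an exception
        m = HEADER.match(msg)
        yield (bool(m.group(1)), m.group(2), m.group(3) or "") if m else None

def count_exceptions(lines):
    """Frequency of every exception class, whether thrown or listed as a cause."""
    return Counter(h[1] for h in headers(lines) if h)

def root_causes(lines):
    """Frequency of (class, detail) for the last link of each 'Caused by:' chain."""
    roots, last = Counter(), None
    for h in list(headers(lines)) + [None]:  # trailing None closes the final chain
        if last and (h is None or not h[0]):  # chain ends at a non-cause header or other line
            roots[(last[1], last[2])] += 1
        last = h
    return roots

if __name__ == "__main__":
    for cls, n in count_exceptions(SAMPLE).most_common():
        print(n, cls)
```
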