Exception logging by time

ruffson
New Member

Hey Guys,

I'm having problems analyzing log files, which are printing out exceptions, traces and exceptions that are an outcome of the first exception.

So there are many lines caused by one exception which are presenting both other exceptions, caused by the first exception, and their traces.

Here is an example:

876 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException
877 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:92)
938 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
...
958 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at java.lang.Thread.run(Thread.java:619)
959 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: de.ct.commons.exception.BaseException: java.lang.reflect.InvocationTargetException
961 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:90)
962 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     ... 81 more
963 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: java.lang.reflect.InvocationTargetException
...
969 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.cmd.HybrisCommandProcessor.execute(HybrisCommandProcessor.java:72)
970 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 82 more
971 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 | Caused by: de.ct.commons.exception.ObjectNotFoundException: No category found with code men_flannel
972 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.getHYCategory(CategoryServiceImpl.java:78)
973 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.loadItemByCode(CategoryServiceImpl.java:33)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException
976 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | SEVERE: Error Rendering View[/pages/productoverview.xhtml]
978 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getObject(TagAttribute.java:235)
979 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getBoolean(TagAttribute.java:79)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException

So as you can see from the timestamp, this is one event caused by an exception and causing other exceptions (from 00:00:50.261 to 00:00:50.262). What I want to do with Splunk now is to get the exceptions (without their traces, obviously) and list them, so I can analyze which of them occur with what frequency.

I tried it with findtypes, typelearner, the field extractor etc., but nothing would help me to find similar exceptions, group and list them so that I can work with the data.

Can someone help me? Thank you very much!

Kind regards

0 Karma

woodcock
Esteemed Legend

You need the cluster command; try this:

sourcetype=MySourceType exception | cluster showcount=t | table cluster_count _raw | sort -cluster_count
0 Karma
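
To check what a search over this data should return, the extraction the question asks for can be written out in Python. This is an added example, not code from the thread or from Splunk: the sample lines are constructed from the log excerpt in the question, and the function names are hypothetical. It keeps only exception header and `Caused by:` lines, drops stack frames, and counts the outermost class and the root cause of each chain.

```python
import re
from collections import Counter

# Constructed sample in the question's wrapper format; the last two payloads are made up.
PREFIX = "INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | "
PAYLOADS = [
    "de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException",
    "    at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:92)",
    "Caused by: de.ct.commons.exception.BaseException: java.lang.reflect.InvocationTargetException",
    "    ... 81 more",
    "Caused by: java.lang.reflect.InvocationTargetException",
    "Caused by: de.ct.commons.exception.ObjectNotFoundException: No category found with code men_flannel",
    "    ... 88 more",
    "SEVERE: Error Rendering View[/pages/productoverview.xhtml]",
    "de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException",
    "Caused by: java.lang.reflect.InvocationTargetException",
]
SAMPLE = [f"{876 + i} {PREFIX}{p}" for i, p in enumerate(PAYLOADS)]

# Four pipe-delimited wrapper fields, then the payload with its indentation kept.
LINE = re.compile(r"^(?:[^|]*\|){4} ?(.*)$")
# Unindented "pkg.SomeException[: message]", optionally prefixed by "Caused by: ".
HEADER = re.compile(r"^(Caused by: )?((?:[A-Za-z_$][\w$]*\.)+[\w$]*(?:Exception|Error))"
                    r"(?::\s*(.*))?$")

def exception_chains(lines):
    """Group header and 'Caused by:' lines into one chain per logged exception."""
    chains = []
    for line in lines:
        wrapped = LINE.match(line)
        header = HEADER.match(wrapped.group(1).rstrip()) if wrapped else None
        if not header:
            continue  # stack frame, "... N more", or ordinary log output
        caused_by, cls, msg = header.groups()
        if caused_by and chains:
            chains[-1].append((cls, msg or ""))
        else:
            chains.append([(cls, msg or "")])
    return chains

def summarize(chains):
    """Count the outermost exception class and the innermost cause of each chain."""
    top = Counter(chain[0][0] for chain in chains)
    root = Counter(": ".join(filter(None, chain[-1])) for chain in chains)
    return top, root

if __name__ == "__main__":
    for counter in summarize(exception_chains(SAMPLE)):
        print(counter.most_common())
```
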