Exception logging by time

ruffson
New Member

Hey Guys,

I'm having problems analyzing log files, which are printing out exceptions, traces and exceptions that are an outcome of the first exception.

So there are many lines caused by one exception which are presenting both other exceptions, caused by the first exception, and their traces.

Here is an example:

876 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException
877 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:92)
938 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
...
958 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at java.lang.Thread.run(Thread.java:619)
959 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: de.ct.commons.exception.BaseException: java.lang.reflect.InvocationTargetException
961 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:90)
962 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     ... 81 more
963 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: java.lang.reflect.InvocationTargetException
...
969 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.cmd.HybrisCommandProcessor.execute(HybrisCommandProcessor.java:72)
970 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 82 more
971 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 | Caused by: de.ct.commons.exception.ObjectNotFoundException: No category found with code men_flannel
972 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.getHYCategory(CategoryServiceImpl.java:78)
973 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     at de.ct.commons.services.impl.CategoryServiceImpl.loadItemByCode(CategoryServiceImpl.java:33)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException
976 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | SEVERE: Error Rendering View[/pages/productoverview.xhtml]
978 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getObject(TagAttribute.java:235)
979 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 |     at com.sun.facelets.tag.TagAttribute.getBoolean(TagAttribute.java:79)
974 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 |     ... 88 more
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException

So as you can see from the timestamp, this is one event caused by an exception and causing other exceptions (from 00:00:50.261 - 00:00:50.262). What I want to do with Splunk now is to get the exceptions (without their trace, obviously) and list them, so I can analyze which of them occur with what frequency.

I tried it with findtypes, typelearner, field extractor etc., but nothing would help me find similar exceptions, group and list them so that I can work with the data.

Can someone help me? Thank you very much!

Kind regards

0 Karma

woodcock
Esteemed Legend

You need the cluster command; try this:

sourcetype=MySourceType exception | cluster showcount=t | table cluster_count _raw | sort -cluster_count
0 Karma
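
An added example, not part of either post above and not Splunk code: the grouping the question asks for, done offline in Python over lines from the question's excerpt, keeping only exception header lines and dropping the trace. The function names and the header regex are assumptions of this example.

```python
import re
from collections import Counter

# Lines taken from the excerpt in the question; "..." marks lines elided there.
SAMPLE = """\
876 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | de.ct.commons.exception.ObjectNotFoundException: java.lang.reflect.InvocationTargetException
877 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     at de.ct.commons.facade.category.CategoryFacadeDefaultImpl.getCategoryByCode(CategoryFacadeDefaultImpl.java:92)
959 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: de.ct.commons.exception.BaseException: java.lang.reflect.InvocationTargetException
962 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 |     ... 81 more
963 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.261 | Caused by: java.lang.reflect.InvocationTargetException
...
971 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.262 | Caused by: de.ct.commons.exception.ObjectNotFoundException: No category found with code men_flannel
975 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | Jan 31, 2011 12:00:50 AM com.sun.facelets.FaceletViewHandler handleRenderException
976 INFO   | jvm 1    | main    | 2011/01/31 00:00:50.462 | SEVERE: Error Rendering View[/pages/productoverview.xhtml]
""".splitlines()

# Header = optional "Caused by:", a dotted class name ending in Exception/Error,
# optional ": detail". Frames ("at ...") and "... N more" lines never match.
HEADER = re.compile(
    r"^(Caused by:\s+)?"
    r"((?:[A-Za-z_$][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error))"
    r"(?::\s*(.*))?$"
)

def parse_headers(lines):
    """Yield (timestamp, is_cause, exception_class, detail) for header lines."""
    for line in lines:
        parts = line.split("|", 4)  # message is the fifth pipe-separated field
        if len(parts) < 5:
            continue  # elided ("...") or malformed line
        m = HEADER.match(parts[4].strip())
        if m:
            yield parts[3].strip(), bool(m.group(1)), m.group(2), m.group(3) or ""

def count_by_class(lines):
    return Counter(cls for _, _, cls, _ in parse_headers(lines))

def root_causes(lines):
    """Count the last exception of each chain; a non-'Caused by' header starts a chain."""
    roots, current = [], None
    for _, is_cause, cls, detail in parse_headers(lines):
        if not is_cause and current:
            roots.append(current)
        current = (cls, detail)
    if current:
        roots.append(current)
    return Counter(roots)

if __name__ == "__main__":
    print(count_by_class(SAMPLE).most_common(), root_causes(SAMPLE))
```

Counting root causes separately shows the one actionable message in the chain ("No category found with code men_flannel") instead of the wrapper exceptions that repeat it.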