Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Exceptions count different when compared to creating event types

girishgene07
New Member
โ€Ž10-18-2016 05:01 AM

Hi I am a new to splunk and need help with a query:

index=abc exception | rex ".?(?(?:\w+.)+\w*?Exception)."| stats count by exception
When I use the above query, I am getting a table of exceptions and its count listed, as below

com.system.enterprise.client.arcti.GeneralDomainCallException
java.land.NullPointerException
java.lang.RuntimeException
java.lang.reflect.InvocationTargetException

Here in this case I am getting a event count for java.land.NullPointerException as 3 events occured.
I am trying to create an event type for this particular exception(java.land.NullPointerException) to add it as a tag to a jira,

index=abc exception | rex ".?(?(?:\w+.)+\w?Exception).*"| search exception="java.lang.NullPointerException"
This above query cannot be saved as a event type, as its not accepting tubes "|"

When i try to search specifically for java.land.NullPointerException using the below query-
sourcetype=abc java.lang.NullPointerException*

I am getting an event count as 220 events occured

I am requesting some help to match the exact the event count numbers between my rex and event type query.

Tags (2)
0 Karma
Reply

sundareshr
Legend
โ€Ž10-18-2016 05:20 AM

Try these two searches

sourcetype=abc exception | rex "(?<exception>NullPointerException)"| stats count by exception

AND

sourcetype=abc java.lang.NullPointerException*
0 Karma
Reply