Reading internal json field and finding the total ...

muralip543 · ‎12-28-2020

Hi Team,

The below is my json object, i want to read error object's sub field exception_type and should display the count in the last 1 hour in table format if exception_type="Application Exception"

Please suggest me the splunk query i am very new to splunk.

Thank you so much in advance.

{
"class_name": "com.verizon.vsib.addressval.services.CameoClient",
"VSAD_ID": "GYEV",
"True_ip": "10.118.142.156",
"log_message": "Missing Company Code",
"server_port": "443",
"error": {
"exception_type": "Application Exception",
"exception_code": "P0106",
"exception_details": "Missing Company Code"
},
"user_agent": "PostmanRuntime/7.25.0",
"@timestamp": "2020-12-24T05:41:18.181Z",
"log_time_stamp": 1608788478110,
"status_code": 500,
"api_url": "https://vsib-dev.ebiz.verizon.com/addressValidation/validateAddress?null",
"log_level": "info",
"server_host": "10.118.143.141",
"app_environment": "dev",
"@version": "1",
"requestId": "TestSplunk-17",
"vast_id": 25439,
"log_date": "",
"logger_class": "com.verizon.vsib.addressval.services.CameoClient",
"time": 1608788478.181,
"app_name": "VSIB",
"function_name": "pushApplicationError"
}

Reading internal json field and finding the total count in last 1 hr

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!