Splunk Dev

Unusual Exceptions

bheemeshwary
Engager

I want a query to find the unusual exceptions within a span of one hour. That means it should be compared with the previous logs to determine whether it is not a regular exception or is a new exception that may cause a problem for the application. And can I automate this so that it runs at regular intervals?

dart
Splunk Employee

I see the question as how do I find exceptions that have not happened before?
There are a number of ways of doing this kind of task. I would build a lookup of all previously seen exception types and then only alert on those that we have not previously seen.

In this case, I'd possibly even keep other data about the source of the exception, such as the component or time that it occurred.

dart
Splunk Employee

So what I mean is schedule Splunk to build the lookup for you. Does that work? You can use the results of a search as a lookup. You can also use |inputlookup append=t name_of_your_lookup to merge in any previous results.

0 Karma

bheemeshwary
Engager

Thanks Dart,
What I mean to say is, maintaining a lookup for all the exceptions which have already happened is a very tedious job. Anyway, we have the logs which are saved. My idea is to compare the logs of the last one hour with the last 7 or 30 days and find the unseen exceptions.

0 Karma
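The comparison discussed in this thread (exception types in the last hour that do not occur in the preceding 7 or 30 days, keeping first-seen time and component alongside each type), as an added Python illustration of the logic; it is not a Splunk search and not code from any poster. The log format, sample lines and function names are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log: "<iso time> <level> <component> <exception type>: <message>"
SAMPLE_LOGS = """\
2024-05-01T09:15:00 ERROR orders java.lang.NullPointerException: cart was null
2024-05-20T23:40:12 ERROR billing java.net.SocketTimeoutException: Read timed out
2024-05-30T11:05:43 ERROR orders java.lang.NullPointerException: cart was null
2024-05-30T11:20:10 ERROR auth javax.naming.CommunicationException: ldap unreachable
2024-05-30T11:48:02 ERROR auth javax.naming.CommunicationException: ldap unreachable
2024-05-30T11:52:30 WARN  billing java.net.SocketTimeoutException: Read timed out
"""

# Assumed layout: time, level, component, then a dotted name ending in Exception/Error.
LINE_RE = re.compile(r"^(\S+)\s+\S+\s+(\S+)\s+([\w.$]+(?:Exception|Error))\b")

def parse(text):
    """Yield (time, component, exception_type) for each line that carries an exception."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def update_seen(seen, events):
    """Merge events into the 'lookup': exception type -> (first_seen, component)."""
    for ts, component, exc in events:
        if exc not in seen or ts < seen[exc][0]:
            seen[exc] = (ts, component)
    return seen

def unseen_exceptions(text, now, recent=timedelta(hours=1), baseline=timedelta(days=30)):
    """Types seen in the last `recent` window but never in the baseline before it."""
    cutoff = now - recent
    events = sorted(e for e in parse(text) if now - baseline <= e[0] <= now)
    seen = update_seen({}, (e for e in events if e[0] < cutoff))
    new = {}
    for ts, component, exc in events:
        if ts >= cutoff and exc not in seen:
            entry = new.setdefault(exc, {"first_seen": ts, "component": component, "count": 0})
            entry["count"] += 1
    return new

if __name__ == "__main__":
    for exc, info in unseen_exceptions(SAMPLE_LOGS, datetime(2024, 5, 30, 12, 0)).items():
        print(exc, info["component"], info["first_seen"].isoformat(), info["count"])
```

With the sample data, a 7-day baseline flags exception types that a 30-day baseline treats as regular, so the baseline length decides how noisy the alert is.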