Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unusual Exceptions

bheemeshwary
Engager
‎09-05-2012 06:14 AM

I want a query to find the unusual exceptions with in a span of one hour. Means it should be compared with the previous logs and determine whether it is not a regular exception or a new exception, that may cause a problem to the application. And can i automate this, which should run in regular intervals

Tags (3)
Reply

dart
Splunk Employee
Splunk Employee
‎09-05-2012 06:56 AM

I see the question as how do I find exceptions that have not happened before?
There are a number of ways of doing this kind of task. I would build a lookup of all previously seen exception types and then only alert on those that we have not previously seen.

In this case, I'd possibly even keep other data about the source of the exception, such as the component or time that it occurred.

Reply

dart
Splunk Employee
Splunk Employee
‎09-05-2012 02:15 PM

So what I mean is schedule Splunk to build the lookup for you. Does that work? You can use the results of a search as a lookup. You can also use |inputlookup append=t name_of_your_lookup to merge in any previous results

0 Karma
Reply

bheemeshwary
Engager
‎09-05-2012 07:31 AM

Thnaks Dart,
What i mean to say is , maintaining look up for all the exceptions which are already happened is very tedious job.Any way we have the logs which are saved, My idea is compare the logs of last one hour with the last 7 or 30 days and need to find the unseen exceptions.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...