Solved: Re: Count Exceptions without any field usage.

Kk · ‎03-17-2022

Hi All, Can we retrieve the Exception count without any predefined field or without creating any field. Basically,I just want each Exception count in table where row is Exception name and count is the column. Consider Exceptions are Nullpointer, IllegalArgument etc..

Pls comment out the query that will be helpful.

ITWhisperer · ‎03-17-2022

... your search
| rex "(?<exception>Nullpointer|IllegalArgument|etc)"
| stats count by exception

View solution in original post

ITWhisperer · ‎03-17-2022

You could extract the exception from the _raw event field and base your counts on that.

Kk · ‎03-17-2022

No just assume I gave you already known Exceptions like I mentioned above there. So for that how can we show the count of each and every Exception in table. Here we have only strings i.e Exception names which are not extracted to field in common. With that, I have to generate a table row as an exception name and col as count.

Pls make sure there is no common field extraction.

ITWhisperer · ‎03-17-2022

... your search
| rex "(?<exception>Nullpointer|IllegalArgument|etc)"
| stats count by exception

How to count Exceptions without any field usage?

using Splunk Enterprise

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?