Splunk Search

Extract Class Names that created the exceptions from application server logs stacktrace

Path Finder

Hi,

I want to extract the class names which created the exceptions from the stack traces in the application server logs.

For example, an event with the stack trace below:
Example 1:
Caused by: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
at java.util.ArrayList.RangeCheck(ArrayList.java:572)
at java.util.ArrayList.get(ArrayList.java:347)
at com.sun.xml.bind.util.ProxyListImpl.get(ProxyListImpl.java:189)
at com.mypkg.test.data.IAMGetTasksData.getOwner(IAMGetTasksData.java:1125)
at com.mypkg.test.data.IAMGetTasksData.getOwnerEmpNumber(IAMGetTasksData.java:1287)


at com.ibm._jsp._SPIAMCustListView._jspService(_SPIAMCustListView.java:878)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:87)

I want to extract the class com.mypkg.test.data.IAMGetTasksData, which created the IndexOutOfBoundsException.

Example 2:
java.net.SocketTimeoutException: Read timed out
at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.mypkg.HttpClient.connectTo(HttpClient.java:110)
at com.mypkg.NetworkCall.call(NetworkCall.java:110)
at com.mypkg.GetCLD.main(GetCLD.java:145)

Extract Class com.mypkg.HttpClient

Desired result:

```
ClassName                            Exception                  Count
com.mypkg.test.data.IAMGetTasksData  IndexOutOfBoundsException  3
com.mypkg.HttpClient                 SocketTimeoutException     1
```

I am able to extract the exceptions (e.g. IndexOutOfBoundsException, SocketTimeoutException) through regex:

Please suggest any approach or solutions to achieve this.

Thanks
Jagadish

0 Karma

Builder

I was able to add this rex command to my search to catch it based on my known package path. This works as long as your path is always the same anyway. In my case it isn't always the same.

rex "at com.mycompany.mypkg.(?P<exceptionClass>[\w\.]*)"

0 Karma

SplunkTrust

Use max_match=0 to match all available values.

0 Karma

Builder

I believe there's a max match option for rex... forget the exact syntax (max_match=3 perhaps?), but that might work.

0 Karma

Path Finder

Hi Jeremiah,

Thanks for your inputs. But the above regular expression is giving me only the first line in the event that satisfies the regex.

From the stack trace I have to get all 3 lines with my package name.

at com.mypkg.HttpClient.connectTo(HttpClient.java:110)
at com.mypkg.NetworkCall.call(NetworkCall.java:110)
at com.mypkg.GetCLD.main(GetCLD.java:145)

The current regex is giving me only the first line:
at com.mypkg.HttpClient.connectTo(HttpClient.java:110)

0 Karma

Builder

I've attempted this also in the past with no luck so am interested in what you find.

The challenge is that it's not always the same number of lines down the stack, right? You appear to be skipping past any Apache/Sun/Java standard stuff to the first instance of your own code. Does your code pkg always look the same? If so, you could look for that as the start of your extraction "at com.mypkg.(?P\w*)"

0 Karma

Path Finder

I've been contemplating something similar. I wanted to make a hash of the stack, possibly excluding line numbers. There could be multiple callers into a problematic method, and I'd like to know each problematic path into that method distinctly. But I'm not sure how to filter the event down to what I want. Once I do, I know I could do an md5() on it to get a consistent hash.

0 Karma
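The extraction discussed in this thread, prototyped in Python so the patterns can be checked offline before moving them into `rex` (an added example, not code from any poster). It uses the same `(?P<name>...)` group syntax as the rex above, takes the first frame under the `com.mypkg.` prefix as the class of interest, and also builds the line-number-free stack hash mentioned in the last post; the prefix, the function names and the sample events are assumptions constructed from the traces quoted in the question.

```python
import hashlib
import re
from collections import Counter

APP_PREFIX = "com.mypkg."  # assumption: application package root used in the thread's examples

# First fully qualified exception/error type in the event; captures the simple name.
EXC_RE = re.compile(r"(?:[\w$]+\.)+(?P<exc>[\w$]+(?:Exception|Error))\b")
# One frame: "at <fully.qualified.Class>.<method>(<File.java:123>)".
FRAME_RE = re.compile(r"^\s*at (?P<cls>[\w.$]+)\.(?P<method>[\w$<>]+)\(", re.M)

# Constructed sample events, trimmed from the two traces quoted in the question.
EVENT_1 = """Caused by: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
\tat java.util.ArrayList.RangeCheck(ArrayList.java:572)
\tat java.util.ArrayList.get(ArrayList.java:347)
\tat com.mypkg.test.data.IAMGetTasksData.getOwner(IAMGetTasksData.java:1125)
\tat com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:87)"""
EVENT_2 = """java.net.SocketTimeoutException: Read timed out
\tat org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
\tat org.apache.axis.client.Call.invoke(Call.java:1691)
\tat com.mypkg.HttpClient.connectTo(HttpClient.java:110)
\tat com.mypkg.NetworkCall.call(NetworkCall.java:110)
\tat com.mypkg.GetCLD.main(GetCLD.java:145)"""


def parse_event(raw):
    """Return (first application class, exception name, stack fingerprint)."""
    exc_match = EXC_RE.search(raw)
    exc_name = exc_match["exc"] if exc_match else None
    # finditer collects every frame, which is what max_match=0 does for rex.
    frames = [(m["cls"], m["method"]) for m in FRAME_RE.finditer(raw)]
    # Frames are in stack order, so the first hit is the application code
    # closest to where the exception was thrown.
    app_cls = next((c for c, _ in frames if c.startswith(APP_PREFIX)), None)
    # Hash class.method only: line-number changes between builds keep the
    # same fingerprint, while a different call path produces a different one.
    path = ">".join(f"{c}.{m}" for c, m in frames)
    return app_cls, exc_name, hashlib.md5(path.encode()).hexdigest()


def summarize(events):
    """Count events per (class, exception), like `stats count by ClassName, Exception`."""
    return Counter(parse_event(e)[:2] for e in events)


if __name__ == "__main__":
    for (cls, exc), n in summarize([EVENT_1] * 3 + [EVENT_2]).items():
        print(cls, exc, n)
```

Events with no frame under the prefix come back with a class of `None`, so they can be counted separately instead of being dropped silently.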