Solved: How to create a report on error codes and how many...

parameshjava · ‎12-15-2015

In my application, it will print some error codes like OPT-00A001, OPT-00A002, OPT-00A003, upto OPT-00A010. I need to prepare a report to know each error code and how many times occurred over a period of time.

No idea how to use regex and timechart to get this kind of report. Please suggest.

sundareshr · ‎12-15-2015

Without actual logs, it is very difficult to isolate the pattern for your errorcode to write the correct regex. Having said that, if you error codes are always the same patter "OPT-" followed by 6 characters, then you can use this. This also assumes the error code appears only once an event. This also assumes, this pattern of OPT- followed by 6 chars doesn't occur anywhere else in the event. If it does, this regex will only get the first occurrence

| rex "(?<ec>OPT-\w{6})" | timechart count by ec

View solution in original post

sundareshr · ‎12-15-2015

Without actual logs, it is very difficult to isolate the pattern for your errorcode to write the correct regex. Having said that, if you error codes are always the same patter "OPT-" followed by 6 characters, then you can use this. This also assumes the error code appears only once an event. This also assumes, this pattern of OPT- followed by 6 chars doesn't occur anywhere else in the event. If it does, this regex will only get the first occurrence

| rex "(?<ec>OPT-\w{6})" | timechart count by ec

jmallorquin · ‎12-15-2015

Can you provide some lines of log just to ensure the rex match?

How to create a report on error codes and how many times each occurred over a period of time using regex and timechart?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?