I want to know how can i create regular expressions for the following exceptions...
java.io.IOException
java.lang.Exception
java.lang.IllegalAccessException
java.lang.reflect.InvocationTargetException
java.lang.RuntimeException
java.net.ConnectException,
java.net.SocketException
java.rmi.NoSuchObjectException
java.util.MissingResourceException
javax.ejb.NoSuchEJBException
javax.faces.application.ViewExpiredException
javax.faces.FacesException
This works:
|rex field=_raw "\s(?<a_exceptiontype>(java|javax)\.\w+\.\w+Exception)"
Tested.
Here's one regex string. There may be others.
javax?\.[\.\w]+Exception
Not working @richgalloway.. im new to splunk
index=index* | rex field="javax?.[.\w]+Exception" |stats count
Result
Error in 'SearchOperator:rex': Usage: regex [field=]
The syntax is incorrect and you need a capturing group. Try index=index* | rex "(?<Exception>javax?.[.\w]+Exception)" |stats count
.
something like i think
rex field=_raw "port (?
try like this:
|stats c | eval _raw ="javax.ejb.NoSuchEJBException"|append[|stats c | eval _raw ="java.lang.Exception"] |append[|stats c | eval _raw ="javax.faces.application.ViewExpiredException"]| rex "(?^(java)x?.[.\w]+)"|stats c by exp