Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to edit my search to get a list total of unique exception and error?

jw44250
New Member
‎01-09-2017 09:33 AM

Getting 5-10 logs file and there could be error, exceptions, root cause may appear all at once, or only error or exceptions

This is the Splunk command used but not getting the properly results 

 "ERROR" OR Exception | rex ".*?(?(?:\w+\.)+\w*?Exception).*"
           | stats count by exception
Tags (3)
0 Karma
Reply

hunters_splunk
Splunk Employee
Splunk Employee
‎01-10-2017 04:34 PM

Hi jw4425,

Your rex syntax seems incorrect. A field name should be provided to which to assign the captured group, something like this:

... | rex ".*(?<new_field_name>+\w*?Exception).*"

For details, see http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Rex.

Hope this helps. Thanks!
Hunter

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-09-2017 10:02 AM

Please share some sample data along with the expected results.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

jw44250
New Member
‎01-09-2017 10:13 AM

log1.log
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: No task status found for ID:

2017-01-09T17:14:41.708+0000 ERROR : loggerName="test1" threadName="2121212" Uncaught exception: null
java.nio.BufferUnderflowException: null
at java.nio.Buffer.nextGetIndex(Buffer.java:506)
at java.nio.HeapByteBuffer.getLong(HeapByteBuffer.java:412)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: No task status found for ID

log2.log
017-01-09T17:01:42.650+0000 ERROR : loggerName
dsfsdfsd
f
dsffsd
f

log3.log
2017-01-09T16:31:17.185+0000 ERROR : loggerName=abcxvxvvvk@7ba88ff5[state=SUCCESS,message=Extract Generation Completed Successfully.]
com....retry.RetryException: Retrying failed to

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-09-2017 10:38 AM

What do you want the output to be?

Your sample query need more quotation marks: "ERROR" OR "Exception" | rex ".*?(?<exception>(?:\w+\.)+\w*?Exception).*" | stats count by exception

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

jw44250
New Member
‎01-09-2017 10:48 AM

just splunk command above splunk cmd

in the result at splunk tool -- the below result is not count at all

2017-01-09T18:15:08.036+0000 ERROR : loggerName="c.a.i.a.a.w.r.s.AbstractExceptionMapper" threadName="qtp13434343" txnId="9386317e-be2erererc" Uncaught exception: null
java.nio.BufferUnderflowException: null
at java.nio.Buffer.nextGetIndex(Buffer.java:506)

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-09-2017 03:10 PM

That looks like an event (the input to a Splunk query) rather than the result of a Splunk query.
Also, the event in log2.log does not contain the text "Exception" so it won't be counted.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...