Splunk Search
Highlighted

How to edit my search to get a list total of unique exception and error?

New Member

Getting 5-10 logs file and there could be error, exceptions, root cause may appear all at once, or only error or exceptions

This is the Splunk command used but not getting the properly results

 "ERROR" OR Exception | rex ".*?(?(?:\w+\.)+\w*?Exception).*"
           | stats count by exception
Tags (3)
0 Karma
Highlighted

Re: How to edit my search to get a list total of unique exception and error?

SplunkTrust
SplunkTrust

Please share some sample data along with the expected results.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: How to edit my search to get a list total of unique exception and error?

New Member

log1.log
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: No task status found for ID:

2017-01-09T17:14:41.708+0000 ERROR : loggerName="test1" threadName="2121212" Uncaught exception: null
java.nio.BufferUnderflowException: null
at java.nio.Buffer.nextGetIndex(Buffer.java:506)
at java.nio.HeapByteBuffer.getLong(HeapByteBuffer.java:412)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: No task status found for ID

log2.log
017-01-09T17:01:42.650+0000 ERROR : loggerName
dsfsdfsd
f
dsffsd
f

log3.log
2017-01-09T16:31:17.185+0000 ERROR : loggerName=abcxvxvvvk@7ba88ff5[state=SUCCESS,message=Extract Generation Completed Successfully.]
com....retry.RetryException: Retrying failed to

0 Karma
Highlighted

Re: How to edit my search to get a list total of unique exception and error?

SplunkTrust
SplunkTrust

What do you want the output to be?

Your sample query need more quotation marks: "ERROR" OR "Exception" | rex ".*?(?<exception>(?:\w+\.)+\w*?Exception).*" | stats count by exception

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: How to edit my search to get a list total of unique exception and error?

New Member

just splunk command above splunk cmd

in the result at splunk tool -- the below result is not count at all

2017-01-09T18:15:08.036+0000 ERROR : loggerName="c.a.i.a.a.w.r.s.AbstractExceptionMapper" threadName="qtp13434343" txnId="9386317e-be2erererc" Uncaught exception: null
java.nio.BufferUnderflowException: null
at java.nio.Buffer.nextGetIndex(Buffer.java:506)

0 Karma
Highlighted

Re: How to edit my search to get a list total of unique exception and error?

SplunkTrust
SplunkTrust

That looks like an event (the input to a Splunk query) rather than the result of a Splunk query.
Also, the event in log2.log does not contain the text "Exception" so it won't be counted.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: How to edit my search to get a list total of unique exception and error?

Splunk Employee
Splunk Employee

Hi jw4425,

Your rex syntax seems incorrect. A field name should be provided to which to assign the captured group, something like this:

... | rex ".*(?<new_field_name>+\w*?Exception).*"

For details, see http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Rex.

Hope this helps. Thanks!
Hunter

0 Karma