Splunk Search
Highlighted

How to generate a table that lists all Java exceptions?

New Member

I want to List all exceptions (java, spring, hibernate, etc) such as sql, unchecked, checkException plus any framework exception from a log in nice table format.

Tags (4)
0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

Splunk Employee
Splunk Employee

Hi jw44250, could you please share a bit more info about your log, some sample data maybe? Thanks!

Highlighted

Re: How to generate a table that lists all Java exceptions?

New Member

This is my logs
2012-08-10 08:19:17 [SEVERE] java.lang.NullPointerException
2012-08-10 08:19:17 [SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)
2012-08-10 08:19:17 [SEVERE] at net.minecraft.server.MinecraftServer.q(MinecraftServer.java:567)
2012-08-10 08:19:17 [SEVERE] at net.minecraft.server.DedicatedServer.q(DedicatedServer.java:212)
2012-08-10 08:19:17 [SEVERE] at net.minecraft.server.MinecraftServer.p(MinecraftServer.java:476)
2012-08-10 08:19:17 [SEVERE] at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:408)
2012-08-10 08:19:17 [SEVERE] at net.minecraft.server.ThreadServerApplication.run(SourceFile:539)
java.lang.NullPointerException

0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

New Member

Output
ExceptionName Total Occureence of Exception
AllTotalException . 60

Another Output
ExceptionName Total Occureence of Exception
.....SQLException . 10
.....NullPointerException . 5
..........................XException . 1

0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

Motivator

Answer to this question depends on how well you know the strings which come in log when the exception occur. For the lines of your log posted above we can do something like:

your query to return events
| rex field=_raw "\[SEVERE\](\s|\sat\s)(?<myException>[^\s\(]+)"
| stats count by myException

A similar scenario we handled in our projects was to target only the Caused by: line from the entire stack trace. Error logs we had were:

Caused by: org.apache.xerces.impl.io.MalformedByteSequenceException: Invalid byte 2 of 2-byte UTF-8 sequence.
        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
        at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:124)
        at com.citigroup.ebusiness.jfp.messaging.tibco.common.util.DOMUtils.parseXmlString(DOMUtils.java:166)
        ... 8 more

Query to fetch these were written as:

index=myIndex sourcetype=mySourcetype "Caused by:"
| rex field=_raw "Caused by:\s(?<myException>[\S]+)"
| stats count by myException

You can build upon it similarly.

View solution in original post

0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

New Member

i have account all the exceptions from 5apps and their logs

Field 1 . field . total Occurenance
Error . xyz . 3
Exception . NPE . 2

0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

New Member

thanks -- why selection "Caused by: " --

im totally new to splunk

0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

Motivator

That's because in our use case we were only interested in the lines having "Caused by:" from the entire stack trace; which is the actual cause of error and there might be a lot of errors/subExceptions in the stack trace:

 index=myIndex sourcetype=mySourcetype "Caused by:"
 | rex field=_raw "Caused by:\s(?<myException>[\S]+)"
 | stats count by myException

Your log lines which you posted should work out with this query I posted initially if that's how the errors occur in your logs:

 your query to return events
 | rex field=_raw "\[SEVERE\](\s|\sat\s)(?<myException>[^\s\(]+)"
 | stats count by myException
0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

New Member

thnks a lot for your help

0 Karma
Highlighted

Re: How to generate a table that lists all Java exceptions?

New Member

my result still not prefect ...i end up doing this :

index=index1 sourcetype=index1log1 "Caused by:"
| rex field=
raw "Caused by:\s(?[\S]+)"
| stats count by myException |appendcols[search=ndex1 sourcetype=index2log2 "Caused by:"
| rex field=
raw "Caused by:\s(?[\S]+)"
| stats count by myException]

My output is all over the places....currently try to figure the expected output since rows and columns is merges.

the above query cause me issue regarding exceptions becuase the same exception (NPE) can appear in index 1 /2 or both -- getting different wrong result -- i needed to range colns order (A, B ) . (B, A)

0 Karma