Splunk Search

How to write regex when there is no field

New Member

Failed to determine DORG Access: HTTP 413 Request Entity Too Large

Please provide some explanation of how regex works in Splunk.

0 Karma

Builder

I have a blog post on this subject: http://blog.hortonew.com/how-to-use-regex-rex-in-splunk

0 Karma

New Member

Really good blog post, thank you.

How do I exclude the word exception from the query below?

This Splunk query:

index = index Exception | rex ".*?(?<exception>(?:\w+\.)+\w*?Exception).*"
| stats count by exception

result : Uncaught exception: no Access Rule found for key ---
java.lang.exception ..

This query catches the word exception as well, but I'm not interested in the word exception.
I am interested in the following:

java.io.IOException
java.lang.Exception
java.lang.IllegalAccessException
java.lang.reflect.InvocationTargetException
java.lang.RuntimeException
java.net.ConnectException
java.net.SocketException
java.rmi.NoSuchObjectException
java.util.MissingResourceException
javax.ejb.NoSuchEJBException
javax.faces.application.ViewExpiredException
javax.faces.FacesException

0 Karma
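Added example, not part of the thread and not any poster's code: one way to keep only fully qualified Java exception class names and skip the bare word "exception" is to require a dotted lower-case package prefix and a case-sensitive `Exception` suffix. The pattern, the function names and all sample events except the two lines quoted from this thread are constructed for illustration.

```python
import re
from collections import Counter

# Python spelling of the pattern. For Splunk's rex (PCRE) the group is named
# with (?<exception>...) instead of (?P<exception>...):
#   | rex max_match=0 "\b(?<exception>(?:[a-z_][a-z0-9_]*\.)+(?:[A-Z]\w*)?Exception)\b"
FQCN_EXCEPTION = re.compile(
    r"\b(?P<exception>"
    r"(?:[a-z_][a-z0-9_]*\.)+"   # one or more lower-case package segments, e.g. java. / javax.faces.
    r"(?:[A-Z]\w*)?Exception"    # class name ending in "Exception", case-sensitive
    r")\b"
)

# Constructed sample events; the first two message texts are quoted from the thread.
SAMPLE_EVENTS = [
    "2024-01-01 10:00:00 ERROR Uncaught exception: no Access Rule found for key",
    "2024-01-01 10:00:01 ERROR Failed to determine DORG Access: HTTP 413 Request Entity Too Large",
    "2024-01-01 10:00:02 ERROR Caused by: java.io.IOException: Connection reset",
    "2024-01-01 10:00:03 ERROR java.lang.reflect.InvocationTargetException: wrapped java.lang.RuntimeException",
    "2024-01-01 10:00:04 WARN javax.faces.application.ViewExpiredException: viewId:/login.xhtml",
    "2024-01-01 10:00:05 ERROR java.net.SocketException: Broken pipe; retry hit java.io.IOException",
    "2024-01-01 10:00:06 DEBUG at com.example.Foo.handleException(Foo.java:42)",
]


def extract_exceptions(event):
    """Return every fully qualified exception class name found in one event."""
    return [m.group("exception") for m in FQCN_EXCEPTION.finditer(event)]


def count_by_exception(events):
    """Rough equivalent of `stats count by exception` over the extracted values."""
    counts = Counter()
    for event in events:
        counts.update(extract_exceptions(event))
    return counts


if __name__ == "__main__":
    for name, count in sorted(count_by_exception(SAMPLE_EVENTS).items()):
        print(f"{count:3d}  {name}")
```
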

New Member

regx field = _row "Failed*(?i

0 Karma