Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

List events but exclude if part of transaction

bbuff1
New Member
‎01-18-2019 05:25 AM

My log has timeout events that occur on calls to UPS. There are timeout events for other reasons as well. I want my search result to only list timeout events that are not due to the UPS call. See example log below:

01/18/2019 08:20:13,554 INFO stdout 786765832 [default task-270] ERROR com.macys.mst.carrier.UPSHttpPostClient - Exception in UPS tracking service ::
01/18/2019 08:20:13,559 INFO stdout java.net.SocketTimeoutException: connect timed out
01/18/2019 08:20:13,559 INFO stdout at java.net.PlainSocketImpl.socketConnect(Native Method)

The transaction below will capture the java.net.SocketTimeoutException when the previous event has UPS in it:
..| transaction startswith="Exception in UPS tracking service" endswith="java.net.SocketTimeoutException"

However I don't want this included in my result. I want all java.net.SocketTimeoutException when they are not a result of a call to UPS.

0 Karma
Reply

dniglio
Observer
‎08-21-2020 01:05 PM

You figure out how to do this? I'd like my search results to only return events that are not a part of a specified transaction.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...