Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

List events but exclude if part of transaction

bbuff1
New Member
‎01-18-2019 05:25 AM

My log has timeout events that occur on calls to UPS. There are timeout events for other reasons as well. I want my search result to only list timeout events that are not due to the UPS call. See example log below:

01/18/2019 08:20:13,554 INFO stdout 786765832 [default task-270] ERROR com.macys.mst.carrier.UPSHttpPostClient - Exception in UPS tracking service ::
01/18/2019 08:20:13,559 INFO stdout java.net.SocketTimeoutException: connect timed out
01/18/2019 08:20:13,559 INFO stdout at java.net.PlainSocketImpl.socketConnect(Native Method)

The transaction below will capture the java.net.SocketTimeoutException when the previous event has UPS in it:
..| transaction startswith="Exception in UPS tracking service" endswith="java.net.SocketTimeoutException"

However I don't want this included in my result. I want all java.net.SocketTimeoutException when they are not a result of a call to UPS.

0 Karma
Reply

dniglio
Observer
‎08-21-2020 01:05 PM

You figure out how to do this? I'd like my search results to only return events that are not a part of a specified transaction.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...