Re: Regex to extract exceptionmessage

Bhuavana · ‎11-07-2014

Hi,

I have five different types of exceptions and for that messages are logged as shown below :

ClientIp=065162175003 : - caught
com.wu.ws.WUWSException: WS000:WUWSException occured while executing the web service
at sun.reflect.GeneratedConstructorAccessor721

ClientIp=065162175003 : - caught
com.wu.ws.WUWSException: WS000:WUWSException occured while executing the web service
at

ClientIp=065162175003 : - Exception while getting fileApolloWhitelistedCredentials.properties ResourceHandler:getConfirationProperties()
java.io.FileNotFoundException: /apps/mobiliser5.1.0/02/money/conf/ApolloWhitelistedCredentials.properties (No such file or directory)
at
ClientIp=220227031066 : - caught
com.wu.ws.UserIDNotFoundException: W0334:The User Name you entered is incorrect. Please try again.
at

ClientIp=065162175003 : - caught
com.wu.ws.WUWSException: WS000:WUWSException occured while executing the web service
at

ClientIp=220227031066 : - caught
com.sybase365.mobiliser.custom.project.businesslogic.exceptions.WuCustomerLoginException: Failed to login through xx.com by identification: test@MAIINATOR.COM
at

Here i need extract the exception message alone in regex[ keeping ClientIp= as the front reference and at as the end reference- need to extract text between of that] using regex

Please let me know the regex query for the same

aholzer · ‎11-07-2014

Try this:

rex "(?P<exception_msg>ClientIp=\d{12} : - Exception [^\n]+? at)\n"

I've made a couple of assumptions:

ClientIp= is always followed by exactly 12 digits
That immediately after the ending "at" there is a new line
You want to include both the strings "ClientIp" and "at" in your extraction

Hope this helps

Bhuavana · ‎11-10-2014

Thanks for the update. With few modiifcations im able to fetch half of the message using below regex

| rex field=_raw "ClientIp=\d{12} : - (?(.)+[\n at])"

But above one is skipping message which is at next line.

Any idea how to fetch text at next line?

For ex:

In below log:

ClientIp=065162175003 : - Exception while getting fileApolloWhitelistedCredentials.properties
ResourceHandler:getConfirationProperties()
java.io.FileNotFoundException: /apps/mobiliser5.1.0/02/money/conf/ApolloWhitelistedCredentials.properties (No such file or directory)
at

With my above expression im able to get below text alone :

Exception while getting fileApolloWhitelistedCredentials.properties

But next line starting with ResourceHandler..... and java.io. is not extracted.

Please help to extract the same>?

richgalloway · ‎11-07-2014

It's not clear exactly what text you're trying to extract. Please tell what your expected output is.

---
If this reply helps you, Karma would be appreciated.

Bhuavana · ‎11-10-2014

I need to extract message like [for ex: Exception while getting fileApolloWhitelistedCredentials.properties ResourceHandler:getConfirationProperties()
java.io.FileNotFoundException: /apps/mobiliser5.1.0/02/money/conf/ApolloWhitelistedCredentials.properties (No such file or directory] from above logs.
Similar to above text, from above logs text which starts next to : - and ends at [at]

Regex to extract exceptionmessage

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...