Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Require to extract info from messages and create table

UdayBhaskar
Engager
‎04-02-2024 05:18 AM

Below I provided a sample trace where we have message with below format 

Error_Request_Response for URI: {}, and Exception Occurred: {}

I want to create table with fields URI and Exception Occurred in a table

traceIduriexception
aaabbbccc


Can some guide me how to do it.


{"@timestamp":"2024-04-02T11:27:21.745Z","uri":"","level":"ERROR","service":"product-aggregator-models","traceId":"660beb9951d7a6d29b2480e4450d8d82","spanId":"fd29a51914f47434","parentSpanId":"","pid":"1","thread":"reactor-http-epoll-2","class":"c.h.e.p.client.v20.ProductServiceClient","message":"Error_Request_Response for URI: https://www.bbb.com/idvh/rest/Products/2171815?limit=50&offset=0&IsOnExchange=false&includeRates=tru..., and Exception Occurred: ExceptionStateModel(code=404 NOT_FOUND, description=Requested resource not found, timestamp=2024-04-02T11:27:21.745328361, status=404, path=null, traceId=null, causes=[ExceptionStateModel(code=404 NOT_FOUND, description=Response body is null or Empty, timestamp=2024-04-02T11:27:21.745303692, status=404, path=https://www.bbb.com/idvh/rest/Products/2171815?limit=50&offset=0&IsOnExchange=false&includeRates=tru..., traceId=null, causes=null)])","stack_trace":"com.bbb.eai.chassis.exceptions.BaseAPIException: null\n\tat com.bbb.eai.chassis.config.BaseWebClient.buildExceptionObject(BaseWebClient.java:279)\n\tSuppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: \nError has been observed at the following site(s):\n\t*__checkpoint ⇢ 404 NOT_FOUND from GET https://www.bbb.com/idvh/rest/Products/2171815 [DefaultWebClient]\nOriginal Stack Trace:\n\t\tat com.bbb.eai.chassis.config.BaseWebClient.buildExceptionObject(BaseWebClient.java:279)\n\t\tat com.bbb.eai.chassis.config.BaseWebClient.buildExceptionStateModel(BaseWebClient.java:206)\n\t\tat com.bbb.eai.chassis.config.BaseWebClient.lambda$handleExceptions$1(BaseWebClient.java:199)\n\t\tat reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:132)\n\t\tat reactor.core.publisher.Operators$BaseFluxToMonoOperator.completePossiblyEmpty(Operators.java:2071)\n\t\tat reactor.core.publisher.MonoHasElement$HasElementSubscriber.onComplete(MonoHasElement.java:96)\n\t\tat reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)\n\t\tat reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:144)\n\t\tat reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:144)\n\t\tat reactor.core.publisher.FluxPeek$PeekSubscriber.onComplete(FluxPeek.java:260)\n\t\tat reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:144)\n\t\tat reactor.netty.channel.FluxReceive.onInboundComplete(FluxReceive.java:413)\n\t\tat reactor.netty.channel.ChannelOperations.onInboundComplete(ChannelOperations.java:431)\n\t\tat reactor.netty.channel.ChannelOperations.terminate(ChannelOperations.java:485)\n\t\tat reactor.netty.http.client.HttpClientOperations.onInboundNext(HttpClientOperations.java:712)\n\t\tat reactor.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:114)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)\n\t\tat io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)\n\t\tat io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)\n\t\tat io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)\n\t\tat io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318)\n\t\tat io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)\n\t\tat io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1466)\n\t\tat io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1329)\n\t\tat io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1378)\n\t\tat io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)\n\t\tat io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)\n\t\tat io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)\n\t\tat io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)\n\t\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)\n\t\tat io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)\n\t\tat io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)\n\t\tat io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:509)\n\t\tat io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:407)\n\t\tat io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)\n\t\tat io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)\n\t\tat io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)\n\t\tat java.base/java.lang.Thread.run(Thread.java:840)\n"}

Labels (6)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎04-02-2024 05:53 AM

Assuming traceid and message have already been extracted form the JSON, try something like this

| rex field=message "Error_Request_Response for URI: (?<uri>[^,]+), and Exception Occurred: (?<exception>[^,]+),"
| table traceId uri exception
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...