Hello splunk users,

Can someone help me with a solution? I am running my base search query to see the error in response, but the error id coming in the response is not showing as a field so I am not able to generate a timechard for all the different errors/error id's.

I need your help on this, since I am very weak in using rex command I can't think a solution at my own:

Base search query:-   ("Unexpected partner error.." OR "Timeout occurred waiting for response from Fulfillment - java.net.SocketTimeoutException: Read timed out") GenerateBookingResponse ERROR source="/var/log/myapp/electronic-purchase-service/electronic-purchase-service.log"

Below is the sample of error response. Every error is having a unique errorid associated with it:

2019-01-10 19:39:21.454 [https-jsse-nio-8080-exec-10] [hdhdhda704-4444-44a1-bbbb-52857lllcd1d] INFO  EndpointLogger - endpoint=my-endpoint; operation=createOrder; duration=4517, response=<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns3:GenerateBookingResponse xmlns:ns1="urn:myworld:dom:common:defn:v1" xmlns:ns10="urn:myworld:dm:hhhhh:hhhhh:define:v1" xmlns:ns11="urn:myworld:dom:supply:messages:defn:v1" xmlns:ns12="urn:myworld:dom:vvvv:datatype:define:v1" xmlns:ns13="urn:myworld:c3:data:placetypes:defn:v4" xmlns:ns14="urn:myworld:c3:data:messagetypes:defn:v5" xmlns:ns2="urn:myworld:ddom:datatype:define:v1" xmlns:ns3="urn:myworld:dom:order:messages:v1" xmlns:ns4="urn:myworld:ord:order:persisttypes:v2" xmlns:ns5="urn:myworld:c3:data:financetypes:define:v5" xmlns:ns6="urn:myworld:c3:data:financetypes:defn:v4" xmlns:ns7="urn:myworld:c3:data:basetypes:defn:v4" xmlns:ns8="urn:myworld:c3:data:timetypes:define:v4"><ns1:MessageInfo CreateDateTime="2019-01-10T19:39:16.935-07:00" MessageGUID=“0102037-048a-49a9-08u5-2222ba059e2a" TransactionGUID=“11111111-ac11-1a11-22d7-eb1a2c333333><ns1:DebugTraceBoolean>false</ns1:DebugTraceBoolean></ns1:MessageInfo><ns1:MessageStatus><ns1:Status>Failure</ns1:Status><ns1:ErrorList><ns1:Error><ns1:MessageTransactionInfo><ns1:Category>ExternalError</ns1:Category><ns1:Code>0000</ns1:Code><ns1:Description>Unexpected partner error..</ns1:Description><ns1:Namespace>urn:myworld:c3:ss:electronic:digitalinterface:purchasecommontypes:define:v2</ns1:Namespace><ns1:ExternalErrorList><ns1:ExternalError><ns1:ExternalErrorID>10007</ns1:ExternalErrorID><ns1:ExternalErrorDescription>Unexpected partner error..</ns1:ExternalErrorDescription></ns1:ExternalError></ns1:ExternalErrorList></ns1:MessageTransactionInfo></ns1:Error></ns1:ErrorList></ns1:MessageStatus><ns1:MobileOrderProcessRelationNO>ab7cdc43-f8a6-4cdf-0000-33t4f530u65a</ns1:MobileOrderProcessRelationNO></ns3:GenerateBookingResponse></soap:Body></soap:Envelope>


I need to generate a timechart based on the error or error ID.

thanks a lot in advance.