Re: how to search a list with *Exceptions

vincenty · ‎03-25-2013

I want to search from a list of the following *Exceptions from log files. I don't have a field defined nor know how to define it. I want get a table report with number of occurrences for each type of exceptions. I think I may be able to do it with inputlookup but not sure how to get started.... please help

com.sun.jersey.api.client.ClientHandlerException

org.eclipse.persistence.exceptions.OptimisticLockException

Locks.checkThreadStopException

com.sun.xml.ws.client.ClientTransportException

java.io.IOException

java.lang.Exception

java.lang.IllegalAccessException

java.lang.reflect.InvocationTargetException
java.lang.RuntimeException
java.net.ConnectException,
java.net.SocketException
java.rmi.NoSuchObjectException

java.util.MissingResourceException

javax.ejb.NoSuchEJBException

javax.faces.application.ViewExpiredException
javax.faces.FacesException

javax.mail.MessagingException
...

jonuwz · ‎03-26-2013

Try this for a starter

Exception | rex ".*?(?<exception>(?:\w+\.)+\w*?Exception).*"
          | stats count by exception

acveer · ‎07-19-2016

Thank you. this worked for me.

vincenty · ‎03-26-2013

ok thx. Can use the patterns as you've provided to search with the following. Is there a easier way to do this especially if I add another level?

Exception | rex "(?:^|\s)(?\w+.\w+.\w+.\w+Exception)(?:\s|$)" | search Exception | rex "(?:^|\s)(?\w+.\w+.\w+Exception)(?:\s|$)" |stats count by exception

how to search a list with *Exceptions

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?