I have a log4j syslog which throws a few nullpointers every day like:
2015-10-05 00:00:53,042 ERROR DefaultExceptionMapper - Unexpected error occurred
java.lang.NullPointerException
at some.java.code.of.mine(SomeJavaFileOfMine.java:318)
I am having some thoughts about these calls being from google-bots indexing the webpage and I would hence like to figure out which IP addresses are causing these exceptions by comparing the time of the exception with the times in our access logs.
An event in the access log looks something like:
2XX.1XX.XXX.XXX - - [05/Oct/2015:10:48:02 +0200]
"GET SOMETHING HTTP/1.1" 200 31912 "SOME URL"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0)
Gecko/20100101 Firefox/41.0" www.someurl.com SOME_STAT_COOKIE_ID=-
How do I get a list of the IP addresses which are making requests at all of the times certain exceptions occur in my syslog?
I have tried with the following Splunk-query but with no results:
source="access_log" | eval timez=strftime(_time, "%H:%M %m-%d-%y") | search [search source="frontend.log" SomeJavaFileOfMine "java.lang.NullPointerException" | eval timez=strftime(_time, "%H:&M %m-%d-%y") | fields timez]
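The correlation the question describes, done offline as an added Python example (not part of the original post and not Splunk code). It goes beyond the query's per-minute match by using a window of ±5 seconds, so a request logged at 10:48:58 is still tied to an exception at 10:49:01. The sample log lines, IP addresses and function names are constructed for illustration, and both logs are assumed to use the same server-local clock.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample data in the two formats shown in the question.
FRONTEND_LOG = """\
2015-10-05 00:00:53,042 ERROR DefaultExceptionMapper - Unexpected error occurred
java.lang.NullPointerException
at some.java.code.of.mine(SomeJavaFileOfMine.java:318)
2015-10-05 10:49:01,511 ERROR DefaultExceptionMapper - Unexpected error occurred
java.lang.NullPointerException
at some.java.code.of.mine(SomeJavaFileOfMine.java:318)
2015-10-05 11:15:00,100 ERROR DefaultExceptionMapper - Unexpected error occurred
java.lang.IllegalStateException
at some.java.code.of.mine(SomeJavaFileOfMine.java:12)
"""
ACCESS_LOG = """\
198.51.100.7 - - [05/Oct/2015:00:00:20 +0200] "GET /b HTTP/1.1" 200 100
192.0.2.10 - - [05/Oct/2015:00:00:51 +0200] "GET /a HTTP/1.1" 200 31912
192.0.2.10 - - [05/Oct/2015:10:48:58 +0200] "GET /a HTTP/1.1" 200 31912
203.0.113.5 - - [05/Oct/2015:10:49:40 +0200] "GET /c HTTP/1.1" 200 512
198.51.100.7 - - [05/Oct/2015:11:15:01 +0200] "GET /b HTTP/1.1" 200 100
"""
EVENT_START = re.compile(r"(?m)^(?=\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} )")
STAMP = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),")
ACCESS = re.compile(r"(?m)^(\S+) \S+ \S+ \[([^\]]+)\]")

def exception_times(text, exc="java.lang.NullPointerException", marker="SomeJavaFileOfMine"):
    """Timestamps of multi-line events that contain both the exception and the marker."""
    times = []
    for event in EVENT_START.split(text):  # split before each timestamped line
        m = STAMP.match(event)
        if m and exc in event and marker in event:
            times.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    return times

def access_requests(text):
    """(wall-clock time, client IP) pairs; the offset is dropped on the assumption
    that both logs are written in the same server-local time zone."""
    return [(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None), ip)
            for ip, ts in ACCESS.findall(text)]

def correlate(frontend, access, window=5):
    """Count, per IP, how many exceptions had a request within +/- window seconds."""
    requests, hits = access_requests(access), Counter()
    excs = exception_times(frontend)
    for t in excs:
        hits.update({ip for when, ip in requests if abs((when - t).total_seconds()) <= window})
    return hits, len(excs)

def ips_in_every_window(frontend, access, window=5):
    """IPs seen near every matching exception."""
    hits, total = correlate(frontend, access, window)
    return sorted(ip for ip, n in hits.items() if total and n == total)
```

Widening `window` trades precision for recall: at 60 seconds the constructed sample also counts the two addresses that only shared a minute with one exception.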