cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ps2019
Loves-to-Learn Everything
Member since: ‎10-12-2022
‎11-02-2022
Community Statistics
Posts 9
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-12-2022
Activity Feed
View All

Re: Is it possible for this search to include pres...

by in Splunk Search
‎10-14-2022 02:35 AM
‎10-14-2022 02:35 AM
I only want that the 2 errors: 1. Authentication error : 2. runtime error: also get added to the list of errors, the way of identifying them would be after error there would be a ":"(colon) present directly after the word like this - error: or after a space like - error : So can't we modify the regex or the query in a way so as to achieve this? ... View more

Re: Is it possible for this search to include pres...

by in Splunk Search
‎10-13-2022 01:56 AM
‎10-13-2022 01:56 AM
When i run this query: index="css-dev" (source != "*qa*" AND source = "*pinxtgateway*") (error=* OR error) | rex "(?<custom_error>(\w*\s)?(E|e)rror\s?\:?(\s|\w|\-|\(|\=|\))*)" | eval error_name=COALESCE(error, custom_error) | where LEN(error_name)>1 | stats count AS event_count by error_name it gives me this: error_name                                                                              event_count Error                                                                                                 21478                       Error:                                                                                                22                    Server Error</                                                                              21                 access_denied                                                                             1014         error                                                                                                   4          error":                                                                                                 85                       error]                                                                                                 1425919                               error ] [                                                                                               179                                               error],                                                                                                   85                                                   error]}"                                                                                                170                                             invalid_request                                                                                  22                                     invalid_token                                                                                        4                                                 open error                                                                                             179                                     server_error                                                                                           86                  But I do not want like this.  ... View more

Re: Is it possible for this search to include pres...

by in Splunk Search
‎10-13-2022 01:54 AM
‎10-13-2022 01:54 AM
What I want is something like this: error_name                          event_count access_denied                      (count) invalid_request                      (count) invalid_token                           (count) server_error                             (count) unauthorised_client              (count) Authorisation error :               (count) runtime error:                            (count) xyz error                                       (count) In future whenever any new error comes, it should then add that new error to this format with its count error field has 5 values already - access_denied, invalid_request, invalid_token, server_error, unauthorised_client This error field does not include the errors set by developer like - Authorisation error, runtime error, etc. These errors set by developer should also be added to the list and all the errors should be under one column ... View more

Is it possible for this search to include present ...

by in Splunk Search
‎10-12-2022 12:12 PM
‎10-12-2022 12:12 PM
Hi guys, I need help with a Splunk query. The boss wants me to have a total of all different types of errors.  When I run this query:   index = css-dev error = "*" it gives the logs where for each log there is an error field present. The error field has 5 values - access_denied, invalid_request, invalid_token, server_error, unauthorised_client.   In addition to this "error" field, there are some other errors also which I want to capture but they are added by developers by adding them using log. These errors are: 1. runtime error: attempt to get length of a boolean value 2. Authentication error : WRONGPASS invalid username-password pair 3. Error while sending 2 (size = 1KB) traces to the DD agent So these above 3 errors are not included in the "error" field and so therefore when i run the query - index = css-dev error="*" , I cannot find the above 3 errors. What I want is a query that should include the already present errors in the "error" field(access_denied, invalid_request, invalid_token, server_error, unauthorised_client), and should  also dynamically add any new error added by the developer. Is it possible? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-02-2022 03:14 AM