Hi, I am newbie to Splunk.
Here's some of my sample logs, where I need to count the number of occurrences for each of these exceptions. Also I would like to build a Panel that gives me these Unique (in Bold below) occurrences.
org.mule.module.xml.filters.SchemaValidationFilter - SchemaValidationFilter rejected a message because it apparently failed to validate against the schema.
org.xml.sax.SAXParseException: cvc-maxLength-valid: Value 'Georgia Tech Yellow Jacke Heather Navy S Interbay Melange Stripe P' with length = '66' is not facet-valid with respect to maxLength '65' for type '#AnonType_DescriptionItemMessagetXML'.
DEBUG org.mule.module.xml.filters.SchemaValidationFilter - SchemaValidationFilter rejected a message because it apparently failed to validate against the schema.
org.xml.sax.SAXParseException: cvc-maxLength-valid: Value 'West Virginia Mountaineer No Color Yth XL Youth Girls CO3 Judo Flee' with length = '67' is not facet-valid with respect to maxLength '65' for type '#AnonType_DescriptionItemMessagetXML'.
This is what I have written so far:
index=Mule source = "*item-subscriber-manhattan*" "*is not facet-valid with respect to maxLength '65' for type*" | rex field==_raw "SchemaValidationFilter rejected a message because it apparently failed to validate against the schema. org.xml.sax.SAXParseException: cvc-maxLength-valid: Value (?<from>.*) is not facet-valid with respect to maxLength '65'(?<to>.*)" | timechart span=1d count by to
The problem that I have is when I put it in Panel, event though it shows the counts but it still shows "Count" as NULL and when I try to drill through it, it doesn't show any logs (until I clear out the bold text below)
index=Mule source = "*item-subscriber-manhattan*" "*is not facet-valid with respect to maxLength '65' for type*" | rex field==_raw "SchemaValidationFilter rejected a message because it apparently failed to validate against the schema. org.xml.sax.SAXParseException: cvc-maxLength-valid: Value (?<from>.*) is not facet-valid with respect to maxLength '65'(?<to>.*)" | **search to=NULL**
So please help me how can I find all these unique "exception strings" and also how can I make sure that my count doesn't show Null and when I click on the drill through in panel the search works fine.
... View more