I have an requirement to get only the exception related substring from the splunk log,
My log will be in the following format:
fetching records from AAA table
creating event to send to sqs
Publishing to SQS
Large-payload support enabled.
Exception occurred while processing rules for Feed name AAA. Skipping Exception
com.amazonaws.services.sqs.model.QueueDoesNotExistException: The specified queue does not exist for this wsdl version. (Service: AmazonSQS; Status Code: 400; Error Code: AWS.SimpleQueueService.NonExistentQueue; Request ID: xxxx)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1640)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1058)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
.....
Now I want to get only the part of exception from above log like
Exception occurred while processing rules for Feed name AAA. Skipping Exception com.amazonaws.services.sqs.model.QueueDoesNotExistException
I have tried the below query :
index=*** source=*** *Exception* | rex field=_raw "\(Exception occurred while processing rules for Feed name (?<myField>[^\)]:*)\)\("
| table myField
But it returns empty result. Can anyone please suggest me the right solution for it.
... View more