Channel: Questions in topic: "splunk-enterprise"

How to edit my search to filter out certain complete transaction data?

Hi guys,

Currently we are doing a search across our unicorn error logs, basically excluding a bunch of garbage that we don't want to be alerted on. After this search is run, however, we want to also omit certain full transactions as well (if possible). I tried to do a join, then a new search with NOT, then transaction, but that doesn't seem to be working. Do you know of any ways where we could omit full transactions after doing an initial search?

index=storefront-unicorn source="/var/log/ruby_storefront/unicorn-err.log"
    NOT ("failed to fetch street" OR "NoMethodError - undefined method `[]' for nil:NilClass:")
    AND NOT ("spawned pid" OR "spawning..." OR "timeout (61s > 60s), killing" OR "worker=* ready" OR "ERROR -- : reaped # worker=*")
    AND NOT ("[BUG] Segmentation fault" OR "CFUNC")
    AND NOT ("warning: regexp match /.../n against to UTF-8 string" OR "invalid ObjectId [personalization]" OR "/home/deploy/.rvm/gems/ruby-2.0.0-p247/gems/rtr_ruby_http-0.4.85/lib/rtr/sinatra/helpers/showroom_helper.rb:24:in `merge'" OR "rentalStartDate cannot be null" OR "{\"code\":400,\"message\":\"exceptions.InvalidZipCodeException: destinationZip" OR "NoMethodError - undefined method `user_id' for nil:NilClass:" OR "Encoding::CompatibilityError - incompatible character encodings: UTF-8 and ASCII-8BIT:" OR "TypeError - no implicit conversion of nil into String:" OR "TypeError - no implicit conversion of nil into String:")
| join type=left NOT [search index=storefront-unicorn source="/var/log/rtr/rtr_ruby_storefront/unicorn-err.log" | transaction startswith="CFUNC" endswith="/home/deploy/.rvm/gems/ruby-2.0.0-p247/gems/multi_xml-0.5.5/lib/multi_xml/parsers"
