I have an existing application with multiple application flows in it.
All the flows are JMS messaging flows, where different systems exchange messages over queues.
I want to find the huge logger statements in the log, the ones that are more than 10 lines or so.
What I tried: I used the Patterns tab, where Splunk tells us what the repetitive patterns are.
I am good with repetitive patterns, but I want to find the logger statements that are huge in size.
So, is it possible to find such log statements that are longer/bigger?
Thank you in advance.
Splunk has a built-in field called "linecount" that should do what you want.
index=foo
| where linecount > 10
You can also find the size of an event using the len function.
index=foo
| eval size=len(_raw)
| where size > 5000
Be aware that Splunk truncates large events to 10,000 characters by default, although that setting can be changed in props.conf via TRUNCATE = <n>.
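An added example, not part of the answer above: the two checks combined into one report that ranks each sourcetype and source by its largest events, so the logger statements responsible can be traced back to a flow. The index name foo and both thresholds are carried over from the answer; the at_limit flag assumes the 10,000-character default mentioned there is still in effect and marks events that may have been cut off at index time.

```spl
index=foo
| eval size=len(_raw)
| where linecount > 10 OR size > 5000
| eval at_limit=if(size >= 10000, 1, 0)
| stats count AS big_events, max(linecount) AS max_lines, max(size) AS max_size, sum(at_limit) AS possibly_truncated BY sourcetype, source
| sort - max_size
```

A non-zero possibly_truncated count means the true size of those events is unknown, and max_lines and max_size for that source are lower bounds.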