How do I properly parse atlassian jira or confluence logs with splunk?

It seems that Splunk (4.3.1) does not properly parse atlassian log4j logs:

component is not recognized
log level is not always recognizes.

I am very new to splunk, evaluating it and I got lost in the configuration options.

How do I teach splunk to properly parse these logs?

I want to be able to filter messages based on component, log level and even be able to ignore certain message patters.

Here is a sample

2012-04-11 10:56:25,473 http-8080-Processor19 ERROR [bc.issue.search.AbstractIssuePickerSearchProvider] Error while executing search request

org.apache.lucene.search.BooleanQuery$TooManyClauses at org.apache.lucene.search.BooleanQuery.add(BooleanQuery.java:184) at org.apache.lucene.search.BooleanQuery.add(BooleanQuery.java:175) at org.apache.lucene.search.PrefixQuery.rewrite(PrefixQuery.java:52) at org.apache.lucene.search.BooleanQuery.rewrite(BooleanQuery.java:381) at org.apache.lucene.search.BooleanQuery.rewrite(BooleanQuery.java:396)

parsing

asked 23 Apr '12, 07:30

ssbarnea
21●1
accept rate: 0%

Be the first one to answer this question!

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

parsing ×35

Asked: 23 Apr '12, 07:30

Seen: 561 times

Last updated: 23 Apr '12, 07:30

How do I properly parse atlassian jira or confluence logs with splunk?

Follow this question

Splunk Resources

Related questions