It seems that Splunk (4.3.1) does not properly parse Atlassian log4j logs.
I am very new to Splunk, evaluating it, and I got lost in the configuration options.
How do I teach Splunk to properly parse these logs?
I want to be able to filter messages based on component, log level and even be able to ignore certain message patterns.
Here is a sample:
    org.apache.lucene.search.BooleanQuery$TooManyClauses
        at org.apache.lucene.search.BooleanQuery.add(BooleanQuery.java:184)
        at org.apache.lucene.search.BooleanQuery.add(BooleanQuery.java:175)
        at org.apache.lucene.search.PrefixQuery.rewrite(PrefixQuery.java:52)
        at org.apache.lucene.search.BooleanQuery.rewrite(BooleanQuery.java:381)
        at org.apache.lucene.search.BooleanQuery.rewrite(BooleanQuery.java:396)
asked 23 Apr '12, 07:30