I have written a query to fetch the all java exception count wise in splunk. But this query fetch across all sourcetype.
java.*.*Exception NOT warn | rex "(?<rexexption>java*.*Exception)"| stats count by rexexption | table count,rexexption | sort count | reverse
Now I want all these exceptions per sourcetype wise.
Go to you splunk home\main page and click on data summary. There you can see source , sourcetype and other fields. just select one sourcetype which you want to go for and edit your query.
Source => path where logs are stored
sourcetype => log files
if you know your sourcetype name then edit your search :
sourcetype = java_*log*.txt java.*.*Exception NOT warn | rex "(?<rexexption>java*.*Exception)"| stats count by rexexption | table count,rexexption | sort count | reverse
