I know this has been asked a million times, but none of the solutions seem to work. I'm trying to filter for a specific, reproducible error, to find out how long it had been going on. I have the following thus far for KQL to find logs for errors in a specific microservice
service.name : "benefits" and level: "ERROR"
The error I'm looking for is:
System.NullReferenceException: Object reference not set to an instance of an object.
at System.IdentityModel.Tokens.JwtPayload.get_Claims()
at System.IdentityModel.Tokens.JwtSecurityToken.get_Claims()
at <obfuscated>.OwinRestService.Host.Services.TokenIdentificationService.GetIdentification(JwtSecurityToken jwt, IOwinContext context)
at <obfuscated>.OwinRestService.Host.Extensions.OwinContextExtensions.CreateContextDto(IOwinContext context, IContextIdentificationService contextIdentifierService, ILogger logger)
at <obfuscated>.OwinRestService.Host.Middlewares.RequestContextMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at <obfuscated>.OwinRestService.Host.Middlewares.ExceptionHandlingMiddleware.<Invoke>d__4.MoveNext()
The Kibana KQL box autosuggests a query with the full string, but using it's own autosuggestion, nothing comes up. Hoping to try just a substring I changed my query to
service.name : "benefits" and level: "ERROR" and exception:"System.NullReferenceException"
Nothing. I've tried it without the quotes, with the :* operator, all forms of combinations but nothing comes up. How can I query for just a substring or something unique to this error log.