topic Re: create alert in Monitoring Splunk https://community.splunk.com/t5/Monitoring-Splunk/create-alert/m-p/568905#M8616 <LI-CODE lang="markup">| rex "Caused by: (?&lt;cause&gt;([^:]+:){3}).*queue manager '(?&lt;queuemanager&gt;[^']+).*host name '(?&lt;hostname&gt;[^']+)"</LI-CODE> Wed, 29 Sep 2021 10:03:41 GMT ITWhisperer 2021-09-29T10:03:41Z create alert https://community.splunk.com/t5/Monitoring-Splunk/create-alert/m-p/568904#M8615 <P>Hi All,</P><P>&nbsp; &nbsp; I have logs in splunk and i need to create field values and create table with the values,present in logs.</P><P>example :<SPAN class="t">Caused</SPAN> <SPAN class="t">by:</SPAN> <STRONG><SPAN class="t">org.apache.kafka.connect.errors.ConnectException:</SPAN> <SPAN class="t">Failed</SPAN> <SPAN class="t">to</SPAN> <SPAN class="t">start</SPAN> <SPAN class="t">new</SPAN> <SPAN class="t">JMS</SPAN> <SPAN class="t">session</SPAN> <SPAN class="t">connection</SPAN> <SPAN class="t">1:</SPAN> </STRONG><SPAN class="t"><STRONG>JMSWMQ2013</STRONG>:</SPAN> <SPAN class="t">The</SPAN> <SPAN class="t">security</SPAN> <SPAN class="t">authentication</SPAN> <SPAN class="t">was</SPAN> <SPAN class="t">not</SPAN> <SPAN class="t">valid</SPAN> <SPAN class="t">that</SPAN> <SPAN class="t">was</SPAN> <SPAN class="t">supplied</SPAN> <SPAN class="t">for</SPAN> <STRONG><SPAN class="t">queue</SPAN> <SPAN class="t">manager</SPAN> '<SPAN class="t">EVT302</SPAN>' </STRONG><SPAN class="t">with</SPAN> <SPAN class="t">connection</SPAN> <SPAN class="t">mode</SPAN><SPAN> '</SPAN><SPAN class="t">Client</SPAN><SPAN>' </SPAN><SPAN class="t">and</SPAN> <SPAN class="t">host</SPAN> <SPAN class="t">name</SPAN><SPAN> '</SPAN><STRONG><SPAN class="t">10.37.84.12</SPAN>,<SPAN class="t">10.37.100.13</SPAN>(<SPAN class="t">1442</SPAN></STRONG><SPAN><STRONG>)</STRONG>'</SPAN><SPAN class="t">.</SPAN></P><P>Above one is the example log and i need to extract value under caused by as description and queue manager number and also the hostname.&nbsp;<BR />Can anyone help me on the same.</P><P>Thanks in Advance.</P> Wed, 29 Sep 2021 09:53:05 GMT https://community.splunk.com/t5/Monitoring-Splunk/create-alert/m-p/568904#M8615 vineela 2021-09-29T09:53:05Z Re: create alert https://community.splunk.com/t5/Monitoring-Splunk/create-alert/m-p/568905#M8616 <LI-CODE lang="markup">| rex "Caused by: (?&lt;cause&gt;([^:]+:){3}).*queue manager '(?&lt;queuemanager&gt;[^']+).*host name '(?&lt;hostname&gt;[^']+)"</LI-CODE> Wed, 29 Sep 2021 10:03:41 GMT https://community.splunk.com/t5/Monitoring-Splunk/create-alert/m-p/568905#M8616 ITWhisperer 2021-09-29T10:03:41Z