https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370111#M109016 <P>Hello @tiagofbmm,<BR /> Thanks for the answer.<BR /> But, i m getting error as "Error in 'rex' command: Encountered the following error while compiling the regex 'ConnectorException:s(?.*)': Regex: unrecognized character after (? or (?- "</P> Wed, 21 Mar 2018 11:51:20 GMT Dinesh_Raja 2018-03-21T11:51:20Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370109#M109014 <P>Hello,</P> <P>I need to create a dashboard which shows error messages &amp; its count over the time. i have a logfile like below and i would like to extract the error message as a field.</P> <P>"[syncservice] [ERROR] [20 Mar 2018 04:09:56,654] : [7dfhsdgw-4dgsj-ashgah-svahs5226] : [com.xxx.xxxx.xxxx.xxxx]: Failed to invoke service xxx.xxxxxx.xxxx.ConnectorException: <STRONG>IOException occurred for ServiceLogMessage while obtaining response: Connection to <A href="http://localhost:8080">http://localhost:8080</A> refused</STRONG>" </P> Wed, 21 Mar 2018 11:18:42 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370109#M109014 Dinesh_Raja 2018-03-21T11:18:42Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370110#M109015 <P>Working solely on the example you gave in the question,</P> <P>| rex field=_raw "ConnectorException:s(?.*)"</P> Wed, 21 Mar 2018 11:35:51 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370110#M109015 tiagofbmm 2018-03-21T11:35:51Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370111#M109016 <P>Hello @tiagofbmm,<BR /> Thanks for the answer.<BR /> But, i m getting error as "Error in 'rex' command: Encountered the following error while compiling the regex 'ConnectorException:s(?.*)': Regex: unrecognized character after (? or (?- "</P> Wed, 21 Mar 2018 11:51:20 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370111#M109016 Dinesh_Raja 2018-03-21T11:51:20Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370112#M109017 <PRE><CODE>...| rex field=_raw "ConnectorException\:s(?&lt;errormsg&gt;.*)" </CODE></PRE> Wed, 21 Mar 2018 11:53:30 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370112#M109017 493669 2018-03-21T11:53:30Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370113#M109018 <P>My bad, forgot to put it as Code</P> <PRE><CODE>| rex field=_raw "ConnectorException\:s(?&lt;ConnectorException&gt;.*)" </CODE></PRE> Wed, 21 Mar 2018 11:53:49 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370113#M109018 tiagofbmm 2018-03-21T11:53:49Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370114#M109019 <P>based on @tiagofbmm 's answer, try this <CODE>| rex field=_raw "ConnectorException:\s(?&lt;ConnectorException&gt;.*)"</CODE></P> <P>you can test out regex's at this website: <A href="https://regex101.com/">https://regex101.com/</A><BR /> it is a great place to learn and test out what you're doing. </P> Wed, 21 Mar 2018 12:04:26 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370114#M109019 cmerriman 2018-03-21T12:04:26Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370115#M109020 <P>Thanks for your answer @493669.<BR /> :)</P> Wed, 21 Mar 2018 12:05:10 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370115#M109020 Dinesh_Raja 2018-03-21T12:05:10Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370116#M109021 <P>Please upvote and accept answers</P> Wed, 21 Mar 2018 12:08:07 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370116#M109021 tiagofbmm 2018-03-21T12:08:07Z https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370117#M109022 <P>Hello @cmerriman,<BR /> Yes, it works &amp; Thanks for sharing the knowledge <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 21 Mar 2018 12:08:26 GMT https://community.splunk.com/t5/Splunk-Search/How-to-extract-below-field-from-logs/m-p/370117#M109022 Dinesh_Raja 2018-03-21T12:08:26Z