topic Re: How to fetch the values from log using regular expression? in Splunk Search

How to fetch the values from log using regular expression?

aqaadi — Tue, 23 Jul 2019 13:38:51 GMT

Hi Team,

Need your help on below search:

I'm spitting something like this in the log:

My Test Data|My Test ID|My Case Status|My verification code|My Comments on case

The log has the data similar to above format delimited by pipe "|"

I have around 8 fields in this way and I want to extract them in a table format and send the output to a service.

Can you help me achieve it?

Re: How to fetch the values from log using regular expression?

vnravikumar — Tue, 23 Jul 2019 14:48:28 GMT

Try like

| makeresults 
| eval test="aaa|bbb|ccc|ddd|eee" 
| eval result=split(test,"|") 
| eval My_Test_Data=mvindex(result,0),My_Test_ID=mvindex(result,1),My_Case_Status=mvindex(result,2),My_verification_code=mvindex(result,3),My_Comments_on_case=mvindex(result,4) 
| table My_Test_Data My_Test_ID My_Case_Status My_verification_code My_Comments_on_case

Re: How to fetch the values from log using regular expression?

aqaadi — Tue, 23 Jul 2019 16:12:23 GMT

thanks let me try it.
How do i passs the log snippet at runtime to test variable?

Re: How to fetch the values from log using regular expression?

aqaadi — Tue, 23 Jul 2019 19:00:14 GMT

what should be the value of makeresults here ?

Re: How to fetch the values from log using regular expression?

aqaadi — Tue, 23 Jul 2019 19:46:37 GMT

I tried the regex expression regex _raw=(ML\D{17})|(\D{3}\d{6}-\d{6}) and it worked. However i see entire log snippet is being returned instead of just the data present in regex expression.

Any idea how to achieve this?

Re: How to fetch the values from log using regular expression?

aqaadi — Wed, 24 Jul 2019 22:44:24 GMT

This worked thanks