topic How do I pull text our of a log to create a visual? in Splunk Search

How do I pull text our of a log to create a visual?

roderickjones — Fri, 23 Oct 2020 23:05:13 GMT

Hi,

This might be a super basic question but I have a log and I need to create a dashboard that represents a value found in each log for that day of a file uploaded and the count of the records

EXAMPLE

: 153 cases created out of 411 import case records for file: clientfile_20201023160218.cdreq.pgp

I need a graph that will pull the "153" out of this raw log each day.

Re: How do I pull text our of a log to create a visual?

alemarzu — Sat, 24 Oct 2020 00:20:02 GMT

Hi @roderickjones, can you share an event sample?

Something like this perhaps?

your_base_search | rex "\]: (?<caseCount>\d+)[\w\s]+(?<importCount>\d+)[^\:]+:\s(?<fileName>[^\s]+)" | timechart sum(caseCount) as totalCases, sum(importCount) as totalImports span=1d

Sidenote, replace the `sum` function for `values` if you only have 1 file per day.

Re: How do I pull text our of a log to create a visual?

roderickjones — Fri, 23 Oct 2020 23:48:25 GMT

Oct 23 23:15:08 myhost cdrn-issuer-import: <14>160349490844366260 cdrn-issuer-import com.cdrn.issuer.imports.batch.CdrnVersion3ItemWriter[bdfef334b18c4ee7a91a5b1a9f42656f]: 37 cases created out of 20 import case records for file: VICFT_2020102319_01.txt.pgp

host = myhost
index = syslog
source = /var/log/syslog
sourcetype = syslog