topic regex from logs in Splunk Search https://community.splunk.com/t5/Splunk-Search/regex-from-logs/m-p/533031#M150580 <P><SPAN class="t">2020-11-30T23:59:46.101621</SPAN><SPAN>+</SPAN><SPAN class="t">00:00</SPAN> <SPAN class="t">fdb2.fdb-us-south-002</SPAN> <SPAN class="t">2020-11-30T23:59:45Z</SPAN><SPAN> { "</SPAN><SPAN class="t">Severity</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">10</SPAN><SPAN>", "</SPAN><SPAN class="t">Time</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">1606780785.516014</SPAN><SPAN>", "</SPAN><SPAN class="t">Type</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">SomewhatSlowRunLoopTop</SPAN><SPAN>", "</SPAN><SPAN class="t">ID</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">0000000000000000</SPAN><SPAN>", "</SPAN><SPAN class="t">Elapsed</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN>"</SPAN><SPAN class="t">0.0734675</SPAN><SPAN>", "</SPAN><SPAN class="t">Machine</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">10.185.175.43:4501</SPAN><SPAN>", "</SPAN><SPAN class="t">LogGroup</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">default</SPAN><SPAN>" }</SPAN></P><P>&nbsp;</P><P><SPAN>I want to how&nbsp;Can i extract "severity": "10" &nbsp;&amp; Machine ip &nbsp;in the search from the logs &nbsp;and put. it in a table format.</SPAN></P> Mon, 14 Dec 2020 17:00:23 GMT rajneeshdba 2020-12-14T17:00:23Z regex from logs https://community.splunk.com/t5/Splunk-Search/regex-from-logs/m-p/533031#M150580 <P><SPAN class="t">2020-11-30T23:59:46.101621</SPAN><SPAN>+</SPAN><SPAN class="t">00:00</SPAN> <SPAN class="t">fdb2.fdb-us-south-002</SPAN> <SPAN class="t">2020-11-30T23:59:45Z</SPAN><SPAN> { "</SPAN><SPAN class="t">Severity</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">10</SPAN><SPAN>", "</SPAN><SPAN class="t">Time</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">1606780785.516014</SPAN><SPAN>", "</SPAN><SPAN class="t">Type</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">SomewhatSlowRunLoopTop</SPAN><SPAN>", "</SPAN><SPAN class="t">ID</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">0000000000000000</SPAN><SPAN>", "</SPAN><SPAN class="t">Elapsed</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN>"</SPAN><SPAN class="t">0.0734675</SPAN><SPAN>", "</SPAN><SPAN class="t">Machine</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">10.185.175.43:4501</SPAN><SPAN>", "</SPAN><SPAN class="t">LogGroup</SPAN><SPAN>"</SPAN><SPAN class="t">:</SPAN><SPAN> "</SPAN><SPAN class="t">default</SPAN><SPAN>" }</SPAN></P><P>&nbsp;</P><P><SPAN>I want to how&nbsp;Can i extract "severity": "10" &nbsp;&amp; Machine ip &nbsp;in the search from the logs &nbsp;and put. it in a table format.</SPAN></P> Mon, 14 Dec 2020 17:00:23 GMT https://community.splunk.com/t5/Splunk-Search/regex-from-logs/m-p/533031#M150580 rajneeshdba 2020-12-14T17:00:23Z Re: regex from logs https://community.splunk.com/t5/Splunk-Search/regex-from-logs/m-p/533034#M150582 <P>This looks like JSON. Use spath</P> Mon, 14 Dec 2020 17:10:52 GMT https://community.splunk.com/t5/Splunk-Search/regex-from-logs/m-p/533034#M150582 ITWhisperer 2020-12-14T17:10:52Z