https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457062#M171184 <P>Hey @splunkuseradmin ,</P> <P>Try using this regex:</P> <PRE><CODE>rex field=_raw "^server:\s\[\w+\]\s:\s{\"\d+\"\s\:\s\[\d+,(?P&lt;conferences&gt;\d+.\d+[^,]),\d+.\d+,(?P&lt;calls&gt;\d+),\d+\]\}" </CODE></PRE> <P>Let me know if this helps!!</P> Fri, 17 May 2019 11:59:42 GMT deepashri_123 2019-05-17T11:59:42Z https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457061#M171183 <P>hello guyz,</P> <P>new to splunk was to figure out solution for this.<BR /> I have logs like below need to do " rex" and extract 2 values (1st and 4th) from each log with set like [23,23.000,89.375,35,0], [1,1.000,16.000,4,0] etc. <BR /> ex.,<BR /> value1- "23" and save in new field with name conferences from every log<BR /> value4- "35" and save in new field with name calls from every log<BR /> thanks</P> Fri, 17 May 2019 00:34:41 GMT https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457061#M171183 splunkuseradmin 2019-05-17T00:34:41Z https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457062#M171184 <P>Hey @splunkuseradmin ,</P> <P>Try using this regex:</P> <PRE><CODE>rex field=_raw "^server:\s\[\w+\]\s:\s{\"\d+\"\s\:\s\[\d+,(?P&lt;conferences&gt;\d+.\d+[^,]),\d+.\d+,(?P&lt;calls&gt;\d+),\d+\]\}" </CODE></PRE> <P>Let me know if this helps!!</P> Fri, 17 May 2019 11:59:42 GMT https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457062#M171184 deepashri_123 2019-05-17T11:59:42Z https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457063#M171185 <P>I modified the regex above a little to get the correct fields.</P> <PRE><CODE>^server:\s\[\w+\]\s:\s{\"\d+\"\s\:\s\[(?P&lt;conferences&gt;\d+),\d+.\d+[^,],\d+.\d+,(?P&lt;calls&gt;\d+),\d+\]\} </CODE></PRE> <P>If you're new to regex, here's a great website to help. You can use it to try regex expressions and collaborate with others to help you become an expert.</P> <P><A href="https://regex101.com/r/DAog06/1/">https://regex101.com/r/DAog06/1/</A></P> Fri, 17 May 2019 12:16:55 GMT https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457063#M171185 memarshall63 2019-05-17T12:16:55Z https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457064#M171186 <P>Hi</P> <P>Try this</P> <PRE><CODE>| makeresults | eval msg="server: [USAGE] : {\"2\" : [23,23.000,89.375,35,0]} host = us-voice-vmr11.corp.com" | append [| makeresults | eval msg="server: [USAGE] : {\"2\" : [1,1.000,16.000,4,0]} host = gs-voice-vmr12.corp.com"] | rex field=msg "^server:\s\[\w+\]\s:\s\{\"\d+\"\s:\s\[(?P&lt;temp&gt;.+)\]}" | eval values = split(temp,",") | eval conferences = mvindex(values,0) | eval calls = mvindex(values,3) </CODE></PRE> Fri, 17 May 2019 12:24:16 GMT https://community.splunk.com/t5/Splunk-Search/rex-extract-2-single-values-from-set-of-numbers/m-p/457064#M171186 vnravikumar 2019-05-17T12:24:16Z