topic Need rex in Splunk Search https://community.splunk.com/t5/Splunk-Search/Need-rex/m-p/681274#M232808 <P>Sample Logs:</P><PRE>&lt;&lt;&lt; Reporting.logs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.SampleDBinternalexternal:::XII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 34567d34-1245-4asd-a27f-42345cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; Applicationlogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.AccountBinding:::XIS KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 7854d34-7623-4asd-a27f-90864cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; IntialLogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.IntialReortbinding:::XIP KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 12345d34-1288-8asd-a26f-42348cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; PartialReportingLogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.totalDBinternalexternal:::XII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 09876d34-6753-3asd-a30f-87654cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; FailedLogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.SampleDBinternalexternal:::ZII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 56744d34-1245-4asd-a11f-89765cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; Reporting.logs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.notalwayslogs:::PII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 89765d34-9875-4asd-a2f-87654cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters</PRE><P>&nbsp;</P><P>&nbsp;I am not sure how to write rex to do field extraction.&nbsp;please find the below screenshot, i need rex for the highlighted ones:<BR /><BR /></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mahesh27_0-1710885534170.png" style="width: 480px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/29813i04BD811E0BB0D56F/image-size/medium?v=v2&amp;px=400" role="button" title="mahesh27_0-1710885534170.png" alt="mahesh27_0-1710885534170.png" /></span></P> Tue, 19 Mar 2024 22:00:13 GMT mahesh27 2024-03-19T22:00:13Z Need rex https://community.splunk.com/t5/Splunk-Search/Need-rex/m-p/681274#M232808 <P>Sample Logs:</P><PRE>&lt;&lt;&lt; Reporting.logs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.SampleDBinternalexternal:::XII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 34567d34-1245-4asd-a27f-42345cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; Applicationlogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.AccountBinding:::XIS KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 7854d34-7623-4asd-a27f-90864cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; IntialLogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.IntialReortbinding:::XIP KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 12345d34-1288-8asd-a26f-42348cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; PartialReportingLogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.totalDBinternalexternal:::XII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 09876d34-6753-3asd-a30f-87654cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; FailedLogs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.SampleDBinternalexternal:::ZII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 56744d34-1245-4asd-a11f-89765cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters &lt;&lt;&lt; Reporting.logs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.notalwayslogs:::PII KEY:: g67a124-6f55-433a-345aexwc vx:: REQS REQUID :: 89765d34-9875-4asd-a2f-87654cvdwwxz:: SUB REQUID:: 7866-ghnb5-33333:: Application :barcode! company :: Org : Branch-loc :: TIME:&lt;TIMESTAMP&gt; (12) 2022/01/22 17:17:58:208 to 17:17:58:212 4 ms Generic BF Invoice time for one statment with parameters</PRE><P>&nbsp;</P><P>&nbsp;I am not sure how to write rex to do field extraction.&nbsp;please find the below screenshot, i need rex for the highlighted ones:<BR /><BR /></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mahesh27_0-1710885534170.png" style="width: 480px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/29813i04BD811E0BB0D56F/image-size/medium?v=v2&amp;px=400" role="button" title="mahesh27_0-1710885534170.png" alt="mahesh27_0-1710885534170.png" /></span></P> Tue, 19 Mar 2024 22:00:13 GMT https://community.splunk.com/t5/Splunk-Search/Need-rex/m-p/681274#M232808 mahesh27 2024-03-19T22:00:13Z Re: Need rex https://community.splunk.com/t5/Splunk-Search/Need-rex/m-p/681288#M232815 <P>Something like</P><LI-CODE lang="markup">| rex "&lt;&lt;&lt;\s*(?&lt;LogType&gt;[^\s]*)\s*:[^:]*:[^:]*:[^:]*:(?&lt;Class&gt;[^:]*).*REQS REQUID\s*::\s*(?&lt;ReqsRequid&gt;[^:]*).*SUB REQUID::\s*(?&lt;SubRequid&gt;[^:]*).*Application\s*:(?&lt;Application&gt;[^:]*::\s*Org\s*:\s*(?&lt;Org&gt;[^:]*)"</LI-CODE> Tue, 19 Mar 2024 23:22:27 GMT https://community.splunk.com/t5/Splunk-Search/Need-rex/m-p/681288#M232815 bowesmana 2024-03-19T23:22:27Z