https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19057#M2842 <P>Hi All,</P> <P>Below is my search result to get datapower latency logs. I need to prepare a chart to display the response time by each services. The latency message provide the response time of each events in milliseconds, I need to extract the 12th position of the latency message to prepare the charts. Can someone help me to extract this field using rex?</P> <HR /> <P><CODE>Apr 25 20:38:29 10.142.102.50 Apr 25 20:38:29 server1 [in01_sr][latency][info] wsgw(service): trans(57567889)[10.142.99.6]: Latency: 0 566 0 527 566 522 1 3859 3941 3861 3941 3942 3936 3924 527 566 [http://10.140.102.46:9005/service]</CODE></P> <P><CODE>Apr 25 18:32:17 10.142.102.50 Apr 25 18:32:17 server1 [in01_sr][latency][info] wsgw(service): trans(57567681)[10.142.99.6]: Latency: 0 64 0 32 64 26 1 847 929 848 929 930 923 912 32 64 [http://10.140.102.46:9005/service]</CODE></P> <H2><CODE>Apr 25 18:21:21 10.142.102.50 Apr 25 18:21:21 server1 [in01_sr][latency][info] wsgw(service): trans(57567409)[10.142.99.6]: Latency: 0 19 0 19 19 14 1 757 808 758 808 808 803 790 19 19 [http://10.140.102.46:9005/service]</CODE></H2> Mon, 29 Apr 2013 16:16:25 GMT karcodsa 2013-04-29T16:16:25Z https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19057#M2842 <P>Hi All,</P> <P>Below is my search result to get datapower latency logs. I need to prepare a chart to display the response time by each services. The latency message provide the response time of each events in milliseconds, I need to extract the 12th position of the latency message to prepare the charts. Can someone help me to extract this field using rex?</P> <HR /> <P><CODE>Apr 25 20:38:29 10.142.102.50 Apr 25 20:38:29 server1 [in01_sr][latency][info] wsgw(service): trans(57567889)[10.142.99.6]: Latency: 0 566 0 527 566 522 1 3859 3941 3861 3941 3942 3936 3924 527 566 [http://10.140.102.46:9005/service]</CODE></P> <P><CODE>Apr 25 18:32:17 10.142.102.50 Apr 25 18:32:17 server1 [in01_sr][latency][info] wsgw(service): trans(57567681)[10.142.99.6]: Latency: 0 64 0 32 64 26 1 847 929 848 929 930 923 912 32 64 [http://10.140.102.46:9005/service]</CODE></P> <H2><CODE>Apr 25 18:21:21 10.142.102.50 Apr 25 18:21:21 server1 [in01_sr][latency][info] wsgw(service): trans(57567409)[10.142.99.6]: Latency: 0 19 0 19 19 14 1 757 808 758 808 808 803 790 19 19 [http://10.140.102.46:9005/service]</CODE></H2> Mon, 29 Apr 2013 16:16:25 GMT https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19057#M2842 karcodsa 2013-04-29T16:16:25Z https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19058#M2843 <PRE><CODE>Latency:\s+(?:\d+\s+){11}(?&lt;response_time&gt;\d+) </CODE></PRE> Mon, 29 Apr 2013 17:22:21 GMT https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19058#M2843 Ayn 2013-04-29T17:22:21Z https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19059#M2844 <P>Are you interested in a DataPower app for Splunk that will provide much deeper Latency details? It also has several other features that are useful to DP operations, development and business teams....</P> Tue, 30 Apr 2013 03:32:49 GMT https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19059#M2844 kingsizebk 2013-04-30T03:32:49Z https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19060#M2845 <P>Is there a DataPower app for Splunk? I really would like to get the DataPower records formatted better in Splunk so that I can do stats by Web Service.</P> Thu, 30 Oct 2014 16:22:11 GMT https://community.splunk.com/t5/Splunk-Search/field-extraction-for-latency-message/m-p/19060#M2845 jmacera 2014-10-30T16:22:11Z