topic Re: How to extract string value and use comparison operators in a search? in Splunk Search

How to extract string value and use comparison operators in a search?

akash_akkis — Thu, 04 Sep 2014 06:33:57 GMT

Hi I am new to splunk
I wanted to extract data from logs that have a particular string with a value and only return data where the extracted value is 100 or greater.

ID: 2999
Payload: {"Audit":{"__queryElapsedTime":"267","__requestReceived":"2014.09.04 06:01:04.560
Address: sdfjkjsdljsjdjjkljsd";k;lklsdk

Here is my logs I wanted to search ID , Payload , Address and list in table

ID Address Payload
2999 sdjsdjj;'lkdfj;ksfdk {"Audit":{"queryElapsedTime":"267","requestReceive

Please help me I am stuck with prod issue.

Re: How to extract string value and use comparison operators in a search?

gfuente — Thu, 04 Sep 2014 07:02:11 GMT

Hello

Try this:

your base search ... | rex "queryElapsedTime\"\:\"(?<queryelapsedtime>\d+)\"" | search queryelapsedtime > 99 | stats count, values(queryelapsedtime) by _time

Regards

Re: How to extract string value and use comparison operators in a search?

akash_akkis — Thu, 04 Sep 2014 13:27:14 GMT

Hi gluente Thanks for your answer its working fine now I need the above sample which is edited Please give me some trick