topic How to extract the integer values from my sample log? in Splunk Search

How to extract the integer values from my sample log?

lksridhar — Sun, 11 Dec 2016 15:09:28 GMT

Hi Everyone,

Could you please anyone help me to extract the Integer values from the below log? Please share the query to extract the seconds value from the logs.

Nov 30, 2016 09:31:04 AM CST INFO (TransactionSearchDelegateImpl.java:54) - String=[Transaction Search Results. Transactions Count Is], String=[], Integer=[351]

Thanks,
Sridhar

Re: How to extract the integer values from my sample log?

ddrillic — Sun, 11 Dec 2016 15:33:19 GMT

Try please -

| rex field=_raw Integer=\[(?<int_num>\d*)\]

It should create the int_num field.

Re: How to extract the integer values from my sample log?

niketn — Sun, 11 Dec 2016 16:08:04 GMT

You can use your dummy data on regex101 to evaluate your regular expressions.

rex field=_raw ", Integer=\[(?<Integer>\d+)\]"

PS: Once you test across your data, you should move the same as Field Extraction Knowledge Object as that is easier to maintain and reuse. You can do the same via Extract New Fields option during search (Interactive) or from Settings --> Knowledge --> Fields --> Field Extractions or directly editing props.conf.