Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create query to track multiple ORA numbers, we received different format logs as below?

jackin
Path Finder
‎08-04-2022 03:02 AM

I want to track multiple ORA numbers, we received different format logs as below, can you help me to write a query for this.

 

Logs/Events:

 

2022-08-04T06 : 55 : 54.009110 + 01 : 00 opiodr aborting process unknown ospid ( 8696 ) as a result of ORA - 609

2022-08-04T06 : 51 : 54.137474 + 01 : 00 WARNING : inbound connection timed out ( ORA - 3136 )

Labels (2)
Labels
0 Karma
Reply

tej57
Contributor
‎08-04-2022 04:52 AM

Hello @jackin ,

You can write the below query to your base search to extract the ORA field.

| <your_base_query>
| rex field=_raw "(ORA - )(?P<ORA>\d+)"

 

---

If you find this answer helpful, an upvote is appreciated..!!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...