Solved: How to write regular expression for the below log ...

vineela · ‎10-31-2022

i need to write regular expression for the below log and i need to extract error code,message and status code:

{"log":"28/Oct/2022:22:23:39 +1100 [qtp2012846597-33] [correlationId=00223854-356e-4a24-bc04-4bce27407dfa] ERROR au.com.commbank.pso.payments.reportgen.util.LoggingUtil - Severity = \"ERROR\", DateTimestamp = \"28/Oct/2022 22:23:39\", Error Code = \"REPORT_GENERATION_ERR_0007\", Error Message = \"API call to IDP failed with HTTP Status Code 4XX\", HTTP Status Code = \"500\"

Thanks in Advance

ITWhisperer · ‎10-31-2022

| rex "Error Code = \\\\\"(?<errorCode>[^\\\\]+)"
| rex "Error Message = \\\\\"(?<errorMessage>[^\\\\]+)"
| rex "HTTP Status Code = \\\\\"(?<HTTPStatusCode>[^\\\\]+)"

View solution in original post

ITWhisperer · ‎10-31-2022

| rex "Error Code = \\\\\"(?<errorCode>[^\\\\]+)"
| rex "Error Message = \\\\\"(?<errorMessage>[^\\\\]+)"
| rex "HTTP Status Code = \\\\\"(?<HTTPStatusCode>[^\\\\]+)"

How to write regular expression for the below log and to extract error code, message and status code?

alert action

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

Are you a member of the Splunk Community?

How to write regular expression for the below log and to extract error code, message and status code?

alert action

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!