Solved: Re: Regex Stats count Help

valpravin · ‎03-25-2018

Hi All

I have String result as a

"Event":"BirthDay"
"Event":"MarriageAnniversary"
"Event":"NewYear"
"Event":"BirthDay"

when I do stats count by activity I want to get results as:

BirthDay : 2
MarriageAnniversary : 1
NewYear : 1

Tried Like this but no help

| rex field=_raw "\?Event=(?"":"\w+")" | stats count by Event

tiagofbmm · ‎03-25-2018

Hello

Please try this one

| rex field=_raw "\"Event\"\:\"(?<Activity>[^\"]*)"

View solution in original post

richgalloway · ‎03-25-2018

When writing regular expressions or other code in questions, answers, or comments it's best to enclose them in backtic characters (`) so they don't get dropped. You can also highlight your code and click the "101010" button.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎03-25-2018

Your regex string is a little off. Try this one. You may need to insert additional backslashes to make rex happy. It can be tricky to create a regex with quotes in it.

| rex "Event\":\"(?<Event>\w+)\"" | ...

---
If this reply helps you, Karma would be appreciated.

tiagofbmm · ‎03-25-2018

Hello

Please try this one

| rex field=_raw "\"Event\"\:\"(?<Activity>[^\"]*)"

Regex Stats count Help

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor