Archive
Highlighted

Extrating fileds based on matching values from log

Explorer

Hi Want to extract specific fields from a log file. Tried using rex but failed.. need help

  • Want to extract matching [PID: ] and [Thd: ]
  • export it to csv file or in any excel format

Log file EG:

----------------------------------------
03-09-2012 12:04:52.824 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5400]  StockRoomController DisplayScanItem 1234 12345678 33333 00000000-0000-0000-0000-000000000000 Controller 39634671 39634703 32
----------------------------------------
----------------------------------------
03-09-2012 12:04:53.262 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  BCK001 UI 1 2 00000000-0000-0000-0000-000000000000 RenderingTime 1331316293215 1331316293246 31
----------------------------------------
----------------------------------------
03-09-2012 12:05:06.855 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5036]  BCK001 UI 1 2 ffe7d7cb-c7ae-4056-8393-6e237b7e120b SubmitTime 0 1331316306839 0
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  StockroomDomainManager ReadLoc 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b DataBase 39649906 39650687 781
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  StockroomDomainManager ReadStkrmLocsByProdId_FG 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b DataBase 39649906 39650687 781
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  BackstockApplication GetStkrmLocsByProdId_FG 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b Controller 39649906 39650687 781
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  StockRoomController DisplayScanLocation 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b Controller 39650687 39650687 0
----------------------------------------
----------------------------------------
Tags (3)
0 Karma
Highlighted

Re: Extrating fileds based on matching values from log

Legend

What's not working with rex? This should work:

... | rex "\[PID: (?<pid>\d+)\]\s+\[Thd: (?<thd>\d+)\]"
0 Karma
Highlighted

Re: Extrating fileds based on matching values from log

Explorer

Thankyou Ayn,

Is there any way to export the values out of the log files for the above two mentioned fields.

Like the logs have a "PID" and "Thd" value, can we use splunk to filter out that value and then export it to a say csv files or an excel sheet.

--update
I can however select the fields i wish to in the output by selecting the fields under "selected fields" but i am not able to export these values in an excel sheet or say a csv

0 Karma
Highlighted

Re: Extrating fileds based on matching values from log

Legend

... | rex "\[PID: (?<pid>\d+)\]\s+\[Thd: (?<thd>\d+)\]" | fields pid thd | outputcsv exportedfields

0 Karma