Extracting the field from the events

aditsss
Motivator

Hi Team,

I have one requirement.

I need to extract one field from the event. Below are my events.

L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups/7

L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups

L=Phoenix, ST=Arizona, C=US>) PUT https://lpdosputb50090.phx.Vxp.com:9091/api/flow/process-groups/7c

L=Phoenix, ST=Arizona, C=US>) POST https://lpdosputb50087.phx.vxp.com:9091/api/flow/process-groups/

I want to extract the word that I have highlighted.

Can someone provide me a regex for that?

gcusello
SplunkTrust

Hi @aditsss,

please try this regex

| rex "\)\s+(?<action>[^ ]+)"

that you can test at https://regex101.com/r/23hLks/1

Ciao.

Giuseppe

richgalloway
SplunkTrust

Try

\) (?<word>\w+) http
---
If this reply helps you, Karma would be appreciated.

aditsss
Motivator

@gcusello @richgalloway 

Thank you so much. Solutions work for me.
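
As an added example (not part of any post in this thread), the two suggested patterns are run side by side in JavaScript, whose regex engine accepts the same named-group syntax used above. The first four lines are the events from the question; the `constructed` lines and the `host.example` name are made up here to show where the two patterns diverge.

```javascript
// Patterns copied from the two answers in the thread.
const ANSWER_A = /\)\s+(?<action>[^ ]+)/; // gcusello: any token after ")" + whitespace
const ANSWER_B = /\) (?<word>\w+) http/;  // richgalloway: word between ") " and " http"

// Return the value of the pattern's named group, or null when it does not match.
function extract(pattern, line) {
  const m = pattern.exec(line);
  return m ? Object.values(m.groups)[0] : null;
}

// Events as posted in the question.
const pageEvents = [
  "L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups/7",
  "L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups",
  "L=Phoenix, ST=Arizona, C=US>) PUT https://lpdosputb50090.phx.Vxp.com:9091/api/flow/process-groups/7c",
  "L=Phoenix, ST=Arizona, C=US>) POST https://lpdosputb50087.phx.vxp.com:9091/api/flow/process-groups/",
];

// Constructed lines (not from the page) that separate the two patterns.
const constructed = {
  // Tab instead of a space after ")": only \s+ tolerates it.
  tab: "L=Phoenix, ST=Arizona, C=US>)\tGET https://host.example:9091/api",
  // Not a request line: the looser pattern still yields a value.
  notRequest: "L=Phoenix, ST=Arizona, C=US>) authentication succeeded",
  // Method followed by a relative path rather than an http(s) URL.
  relative: "L=Phoenix, ST=Arizona, C=US>) DELETE /api/flow/process-groups/7",
};

// Run both patterns on one line.
function compare(line) {
  return { a: extract(ANSWER_A, line), b: extract(ANSWER_B, line) };
}

for (const line of [...pageEvents, ...Object.values(constructed)]) {
  console.log(JSON.stringify(compare(line)), "<-", JSON.stringify(line));
}
```

Both patterns agree on the posted events; the first one also populates the field on lines that are not HTTP requests, so a dashboard built on it may need a filter on the extracted value.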
