Solved: Extracting the field from the events - Splunk Community

Dashboards & Visualizations

Hi Team,

I have one requirement.

I need to extract one field from the event. Below are my events.

L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups/7

L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups

L=Phoenix, ST=Arizona, C=US>) PUT https://lpdosputb50090.phx.Vxp.com:9091/api/flow/process-groups/7c

L=Phoenix, ST=Arizona, C=US>) POST https://lpdosputb50087.phx.vxp.com:9091/api/flow/process-groups/

I want to extract the word that I have highlighted.

Can someone provide me regex for that.

1 Solution

Solution

please try this regex

| rex "\)\s+(?<action>[^ ]+)"

that you can test at https://regex101.com/r/23hLks/1

Ciao.

Giuseppe

View solution in original post

Try

\) (?<word>\w+) http

---
If this reply helps you, Karma would be appreciated.

Solution

please try this regex

| rex "\)\s+(?<action>[^ ]+)"

that you can test at https://regex101.com/r/23hLks/1

Ciao.

Giuseppe

@gcusello @richgalloway

Thank you so much. Solutions work for me.

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...