Solved: Extracting the field from the events - Splunk Community

Dashboards & Visualizations

Hi Team,

I have one requirement.

I need to extract one field from the event. Below are my events.

L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups/7

L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.vxp.com:9091/api/flow/process-groups

L=Phoenix, ST=Arizona, C=US>) PUT https://lpdosputb50090.phx.Vxp.com:9091/api/flow/process-groups/7c

L=Phoenix, ST=Arizona, C=US>) POST https://lpdosputb50087.phx.vxp.com:9091/api/flow/process-groups/

I want to extract the word that I have highlighted.

Can someone provide me regex for that.

1 Solution

Solution

please try this regex

| rex "\)\s+(?<action>[^ ]+)"

that you can test at https://regex101.com/r/23hLks/1

Ciao.

Giuseppe

View solution in original post

Try

\) (?<word>\w+) http

---
If this reply helps you, Karma would be appreciated.

Solution

please try this regex

| rex "\)\s+(?<action>[^ ]+)"

that you can test at https://regex101.com/r/23hLks/1

Ciao.

Giuseppe

@gcusello @richgalloway

Thank you so much. Solutions work for me.

Get Updates on the Splunk Community!

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...