Hello Friends,
I am looking for your help with a rex expression.
message = [2021-05-26 00:00:33,477] {taskinstance.py:669} INFO - Dependencies all met for <TaskInstance: example_dag_oidc.test_bash 2021-05-25 00:00:00+00:00 [None]>
I would like to split this message field into the fields below:
Thanks
Try the following regex with the rex command:
"\[(?<logDateTime>[\d, :,-]+)\].+ (?<logLevel>\w+) - (?<logMessage>.+)"
In Splunk SPL it would look like this (assuming that the raw data is in a field called 'message'):
| rex field=message "\[(?<logDateTime>[\d, :,-]+)\].+ (?<logLevel>\w+) - (?<logMessage>.+)"
| table logDateTime logLevel logMessage
Hopefully that suits your needs?
Eddie
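Added example, not part of the answer above or of the original thread: the answer's pattern run unchanged over the question's log line and two constructed lines, next to a hypothetical anchored variant. It shows one edge case: when the message text itself contains " word - ", the greedy `.+` moves logLevel to that later word. `ANCHORED_RE`, its `source` group and the two extra sample lines are assumptions made here, based only on the single log line in the question.

```javascript
// Added example: the answer's pattern, copied unchanged (JavaScript accepts
// the same (?<name>...) named-group syntax that rex uses).
const ANSWER_RE =
  /\[(?<logDateTime>[\d, :,-]+)\].+ (?<logLevel>\w+) - (?<logMessage>.+)/;

// Hypothetical stricter variant (assumption, not from the thread): anchored to
// the line, with the {file:line} part matched explicitly so that the level is
// the first token after it. The "source" group name is made up here.
const ANCHORED_RE =
  /^\[(?<logDateTime>[\d, :-]+)\] \{(?<source>[^}]+)\} (?<logLevel>[A-Z]+) - (?<logMessage>.*)$/;

const SAMPLES = [
  // The line from the question.
  "[2021-05-26 00:00:33,477] {taskinstance.py:669} INFO - Dependencies all met for <TaskInstance: example_dag_oidc.test_bash 2021-05-25 00:00:00+00:00 [None]>",
  // Constructed: the message text itself contains " word - ".
  "[2021-05-26 00:00:34,102] {bash.py:158} INFO - Running command - echo done",
  // Constructed: a continuation line that is not in this format at all.
  "Traceback (most recent call last):",
];

// Return the named groups as a plain object, or null when the line does not match.
function extract(re, line) {
  const m = re.exec(line);
  return m ? { ...m.groups } : null;
}

// List the lines on which the two patterns disagree about logLevel.
function levelMismatches(lines) {
  const out = [];
  for (const line of lines) {
    const a = extract(ANSWER_RE, line);
    const b = extract(ANCHORED_RE, line);
    if (a && b && a.logLevel !== b.logLevel) {
      out.push({ line, answer: a.logLevel, anchored: b.logLevel });
    }
  }
  return out;
}

for (const line of SAMPLES) {
  console.log(JSON.stringify(extract(ANSWER_RE, line)));
  console.log(JSON.stringify(extract(ANCHORED_RE, line)));
}
console.log(levelMismatches(SAMPLES));
```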