Hi Team,
I have below events:
FileEventCreator - Completed Settlement file processing, TRIM.UNB.D082423.T065617 records processed: 13169530
FileEventCreator - Completed Settlement file processing, TRIM.BLD.D082423.T062015 records processed: 3388398
I want to fetch the records for different file names. Can someone guide me here?
My current query:
index="600000304_d_gridgain_idx*" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "FileEventCreator - Completed Settlement file processing"
Thanks in advance.
Hi @aditsss,
let me understand: you want the regexes to extract values from the shared logs to use in the search, is it correct?
If this is your requirement, please try this regex:
| rex "FileEventCreator - Completed Settlement file processing, (?<file>[^ ]*) records processed: (?<records_processed>\d+)"
That you can check at https://regex101.com/r/0uwdEj/1
I could be more sure if you could share your full logs and not only a part of them.
Ciao.
Giuseppe
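An offline check of the rex pattern above against the two events from the question, added here as an example and not part of the original posts. The last two sample lines, the file-name layout (PREFIX.TYPE.Ddigits.Tdigits, inferred only from the two samples) and the function names are assumptions; note that Python writes named groups as (?P<name>...) where Splunk's rex uses (?<name>...).

```python
import re
from collections import defaultdict

# Same pattern as the rex in the answer, with Python's named-group syntax.
EVENT_RE = re.compile(
    r"FileEventCreator - Completed Settlement file processing, "
    r"(?P<file>[^ ]*) records processed: (?P<records_processed>\d+)"
)
# Assumption: file names look like PREFIX.TYPE.D<6 digits>.T<6 digits>.
FILE_RE = re.compile(
    r"^(?P<prefix>[^.]+)\.(?P<file_type>[^.]+)"
    r"\.D(?P<file_date>\d{6})\.T(?P<file_time>\d{6})$"
)

SAMPLE_EVENTS = [
    # The first two lines are the events from the question; the last two are constructed.
    "FileEventCreator - Completed Settlement file processing, TRIM.UNB.D082423.T065617 records processed: 13169530",
    "FileEventCreator - Completed Settlement file processing, TRIM.BLD.D082423.T062015 records processed: 3388398",
    "FileEventCreator - Started Settlement file processing, TRIM.UNB.D082423.T065617",
    "FileEventCreator - Completed Settlement file processing, TRIM.UNB.D082523.T070102 records processed: 100",
]

def extract(line):
    """Return the extracted fields as a dict, or None when the line does not match."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    fields = {"file": m.group("file"),
              "records_processed": int(m.group("records_processed"))}
    parts = FILE_RE.match(fields["file"])
    if parts:  # a name with another shape keeps only file and records_processed
        fields.update(parts.groupdict())
    return fields

def totals_by_type(lines):
    """Sum records_processed per file_type across all matching lines."""
    totals = defaultdict(int)
    for line in lines:
        fields = extract(line)
        if fields and "file_type" in fields:
            totals[fields["file_type"]] += fields["records_processed"]
    return dict(totals)

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(extract(line))
    print(totals_by_type(SAMPLE_EVENTS))
```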
Hi @aditsss,
good for you, see you next time!
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated 😉