Dashboards & Visualizations

Why am I Not able to fetch record Count?

aditsss
Motivator

Hi Team,

Below are my raw logs:

2023-08-08 10:25:13.067 [INFO ] [Thread-3] CollateralProcessor - Server side call completed for Collateral with record count:   476

2023-08-08 09:56:03.777 [INFO ] [Thread-3] CollateralProcessor - Server side call completed for Collateral with record count:  18541701

I am using below query to fetch the number

 

index="abc" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" "Server side call completed for Collateral with record count"| rex "Server side call completed for Collateral with record count :(?<record>\d+)"|timechart span=1d values(record) AS RecordCountdate.PNG

I am not getting record count just date. Can someone guide here

Labels (2)
Tags (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Regular expressions must be precise.  A misplaced space or two, while insignificant to a human, may make the difference between a matching event and a non-matching event.  Try this rex command in place of the original.

| rex "Server side call completed for Collateral with record count:\s+(?<record>\d+)"

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Regular expressions must be precise.  A misplaced space or two, while insignificant to a human, may make the difference between a matching event and a non-matching event.  Try this rex command in place of the original.

| rex "Server side call completed for Collateral with record count:\s+(?<record>\d+)"

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...