Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I unable to get the exact rex output?

Nagalakshmi
Path Finder
‎08-22-2023 11:04 AM

Hi Team,

We are trying to extract the hostname from the logs . but unable to get the exact output ( we need hostname as sample-987) . Please find the logs and tried command. Please assist us on high priority. Thanks

logs:-
 Symptom: type DD Alert Sample-987: CRITICAL: DiskFailure: HardwareFailure

Our Command:-
| rex field=_raw "DD\s\Alert\s(?<HostName>\w+-\d+)"


Regards,
Lakshmi 

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Nagalakshmi
Path Finder
‎08-23-2023 05:20 AM

Hi @isoutamo ,

Thank you for your help! We got the expected output by using the below mentioned command.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-22-2023 03:18 PM

You don't need the backslash before the A (\A asserts position at start of the string)

Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎08-22-2023 02:15 PM

Hi

can you try this

 

| rex "DD Alert (?<HostName>[^:]+)"

 

r. Ismo

fixed: removed unnecessary escape characters.

Reply
Solved! Jump to solution
Solution

Nagalakshmi
Path Finder
‎08-23-2023 05:20 AM

Hi @isoutamo ,

Thank you for your help! We got the expected output by using the below mentioned command.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...