How to display time, host, source type when the st...

poonama · ‎09-20-2017

I have a stack trace for one particular error like this,
[9/20/17 5:40:13:428 EDT] 000000e0 SystemOut O 20 Sep 2017 05:40:13:428 [INFO] [DMAXP01_MIF2] [] BMXAA6372I - Host name: 139.46.95.92. Server name: DMAXP01_MIF2. Cron task name: JMSQSEQCONSUMER.SEQQIN. Last run: 2017-09-20 05:40:00.0host=cltismx1waslp07 Options|

sourcetype=WebSphere:SystemOutLog Options|

source=/logs/websphere/DMAXP01_MIF2/SystemOut.log

I want to view the feilds in tabular format. My search string is
Cron task name: JMSQSEQCONSUMER.SEQQIN9. Last run: | table host, sourcetype,source.

I want to display the time after the keywords " Last run:" in the above statement.

gcusello · ‎09-20-2017

Hi poonama,
you have to extract field Last_Run in rex command or in field extraction.
regex is Last run: (?<Lat_Run>\d+-\d+-\d+\s\d+:\d+:\d+\.\d+)

your_search
| rex "Last run: (?<Lat_Run>\d+-\d+-\d+\s\d+:\d+:\d+\.\d+)"
| table Last_Run host sourcetype source

you can test it at https://regex101.com/r/Cfbhwp/1
Bye.
Giuseppe

poonama · ‎09-21-2017

Its giving multiple entries of one single last run time. Any idea how to deal with this.

How to display time, host, source type when the statement is as follows:

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

How to display time, host, source type when the statement is as follows:

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...