Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

expression for field extraction extraction of table data

ravir_jbp
Explorer
‎12-29-2021 03:56 AM

 

 

12/27/21
6:42:50.000 AM	
PSComputerName 		Name                     Memory
-------------- 		----                     ------
Host1     		dfdf_Svc.exe           	16024
Host1    		sssService.exe		13142056
Host1     		abcservice.exe        	31380
Host1     		xyzservice.exe          114340
Host1     		rrrrr.exe       	29304


12/27/21
6:42:50.000 AM	
PSComputerName 		Name                     Memory
-------------- 		----                     ------
Host2     		dfdf_Svc.exe            16064
Host2     		sssService.exe 		13144028
Host2     		abcservice.exe           114708
Host2     		xyzservice.exe       	 32248
Host2    		 rrrrr.exe       	 33616


I have these splunk output event in splunk logs. 1 event is for one specific server only. Under one server we have 5 services running and associated memory information. These output is in table format. I like to create regular expression so that I can create table format output as below:



Servername          Servicename               Memory(in MB) (since above memory in bytes)

 

 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-29-2021 05:27 AM

Why use a regular expression when Splunk has a command specifically for this data format?  Check out the multikv command at https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchReference/Multikv

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...