How to extract new fields?

lucky · ‎09-03-2023

HI team,

I need to extract the new fields by using rex for below raw data

1.ResponseCode

2.url

message: INFO [nio-8443-exce-8] b. b. b.filter.loggingvontextfilter c.c.c.c.l.cc.f.loggingcintextfil=ter.post process(Loggingcintextfilter.java"201)-PUT/actatarr/halt/liveness||||||||||||METRIC|--|Responsecode=400|Response Time=0

manjunathmeti · ‎09-03-2023

hi @lucky,

Try this:

| rex "\-(PUT|GET|POST|DELETE)(?<url>[\/A-z]+).*Responsecode=(?<ResponseCode>\d+)"

Sample query:

| makeresults | eval _raw="message: INFO [nio-8443-exce-8] b. b. b.filter.loggingvontextfilter c.c.c.c.l.cc.f.loggingcintextfil=ter.post process(Loggingcintextfilter.java\"201)-PUT/actatarr/halt/liveness||||||||||||METRIC|--|Responsecode=400|Response Time=0" | rex "\-(PUT|GET|POST|DELETE)(?<url>[\/A-z]+).*Responsecode=(?<ResponseCode>\d+)"

How to extract new fields?

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join the Conversation

How to extract new fields?

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA