Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I want to look for certain text and extract that field and make a report

mikeyty07
Communicator
‎06-09-2021 07:04 AM
index=abc "exception":"java.util.concurrent.ExecutionException" searching above displays like these in below events "exception":"java.util.concurrent.ExecutionException: ABC_1000:We're sorry, it looks like an error occurred while getting information" "exception":"java.util.concurrent.ExecutionException: ABC-2000:We're sorry, it looks like an error occurred while getting information" I want to take the ABC_ OR ABC- error codes and have a report based on that which should look like this ABC Codes message counts ABC_1000 We're sorry, it looks like an error occurred while getting information 3 ABC-2000 We're sorry, it looks like an error occurred while getting information 5
Labels (1)
Labels
0 Karma
Reply

rupkumar4sec
Path Finder
‎06-09-2021 11:41 AM 
index=abc "exception":"java.util.concurrent.ExecutionException"
| rex field=_raw "Exception\:\s(?=ABC)(?<ABC_CODE>[^\:]+)\:(?<Message>[^\"]+)"
| stats count by  ABC_CODE, Message
0 Karma
Reply

mikeyty07
Communicator
‎06-09-2021 07:05 AM
index=abc "exception":"java.util.concurrent.ExecutionException" searching above displays like these in below events "exception":"java.util.concurrent.ExecutionException: ABC_1000:We're sorry, it looks like an error occurred while getting information" "exception":"java.util.concurrent.ExecutionException: ABC-2000:We're sorry, it looks like an error occurred while getting information" I want to take the ABC_ OR ABC- error codes and have a report based on that which should look like this ABC Codes message counts ABC_1000 We're sorry, it looks like an error occurred while getting information 3 ABC-2000 We're sorry, it looks like an error occurred while getting information 5
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...