Splunk Search

Can you help me create a regex to extract a value from an event?

zacksoft
Contributor

Below is a sample event. I could use some help with a regex to fetch the value "29.3445667" present in the last part of the sentence that starts with [BRU Weak Reference...

e.g. [BRU Weak Reference, 0.0008795 secs] 17G->12G(18G), 29.3445337 secs]

2018-12-07T14:41:46.129-0500: 358613.141: [Fball FC (Allocation Failure) 
2018-12-07T14:41:55.974-0500: 358622.986: [SoftReference, 101571 refs, 0.0364703 secs]2018-12-07T14:41:56.010-0500: 358623.023: [WeakReference, 70294 refs, 0.0118371 secs]2018-12-07T14:41:56.022-0500: 358623.035: [FinalReference, 3823 refs, 0.0020774 secs]2018-12-07T14:41:56.024-0500: 358623.037: [PhantomReference, 271 refs, 993 refs, 0.0002618 secs]2018-12-07T14:41:56.024-0500: 358623.037: [BRU Weak Reference, 0.0008795 secs]
 17G->12G(18G), 29.3445337 secs]
   [Eden: 0.0B(920.0M)->0.0B(3408.0M) Survivors: 0.0B->0.0B Heap: 17.7G(18.0G)->12.4G(18.0G)], [Metaspace: 683138K->682699K(1738752K)]
 [Times: user=56.84 sys=0.00, real=29.35 secs] 
2018-12-07T14:42:15.475-0500: 358642.487: [GC concurrent-mark-abort]
2018-12-07T14:42:16.327-0500: 358643.339: [GC pause (G1 Evacuation Pause) (young)
Desired survivor size 226492416 bytes, new threshold 15 (max 15)
0 Karma
1 Solution

whrg
Motivator

Hello @zacksoft,

Try this:

BRU Weak Reference,[^,]+,\s+(?<bru_weak_reference>[^\s]+)

You can verify here: regex101.com

0 Karma
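Added example, not part of the original post: the pattern from the answer above, run unchanged in JavaScript (which uses the same `(?<name>...)` named-group syntax) against constructed copies of the sample event. It shows that `[^,]+` carries the match across the line break after `secs]`; the function name and the numeric check on the captured token are assumptions added here.

```javascript
// The answer's pattern, verbatim.
const BRU_RE = /BRU Weak Reference,[^,]+,\s+(?<bru_weak_reference>[^\s]+)/;

// Constructed from the question's sample: the raw event breaks the line after "secs]".
const multiLine =
  "2018-12-07T14:41:56.024-0500: 358623.037: [BRU Weak Reference, 0.0008795 secs]\n" +
  " 17G->12G(18G), 29.3445337 secs]\n" +
  " [Times: user=56.84 sys=0.00, real=29.35 secs]";

// The one-line form the question quotes as "e.g.".
const singleLine =
  "[BRU Weak Reference, 0.0008795 secs] 17G->12G(18G), 29.3445337 secs]";

// A neighbouring reference entry that must not match.
const otherRef = "358623.023: [WeakReference, 70294 refs, 0.0118371 secs]";

// Hypothetical helper: returns the pause time in seconds, or null.
function extractBruSeconds(event) {
  const m = BRU_RE.exec(event);
  if (!m) return null;
  const raw = m.groups.bru_weak_reference;
  // [^\s]+ accepts any non-space token, so confirm it is a number before use.
  return /^\d+(\.\d+)?$/.test(raw) ? Number(raw) : null;
}

console.log(extractBruSeconds(multiLine), extractBruSeconds(singleLine), extractBruSeconds(otherRef));
```

In a Splunk search the same pattern goes inside a `rex` command, which creates the `bru_weak_reference` field from the named group.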
