Datas are not getting parsed after giving table na...

Splunk-Star · ‎03-02-2024

Please let me know the correct data extraction?

index=* "Unknown message for StatusConsumer" topicId marshall
| rex field=_raw "\"topicId\":\"(?<topicId>\d+)\""
| table topicId

Datas are not getting parsed after giving table name on splunk query.

Splunk-Star · ‎03-12-2024

regex was not applied correctly thats why it was not extracting the data.

Thank you

bowesmana · ‎03-03-2024

Please post an example of your data containing topicid

scelikok · ‎03-02-2024

Hi @Splunk-Star,

After using table or stats commands Splunk shows only outputs of these commands. This does not mean they are not extracted. If you need to access other fields, add them to the table command.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

Datas are not getting parsed after giving table name on splunk query.

field extraction

regex

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

Join the Conversation

Datas are not getting parsed after giving table name on splunk query.

field extraction

regex

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]