Filter based on that then.

I don't see language:eng in there.

its not in this. its coming as one of the tags in the response

like language:eng LocalizedMessage:

I can't tell you how to use your data if you don't post your data.

this is the o/p of one of the field:

Angef
El estado del contrato solicitado no se recuper
Le statut de contrat demand
O status do contrato solicitado n
Requested status was not retrieved

Here i want to show just the last one

Filter by language:eng then?

Should i use mvfilter(language:eng)? but this will not work right? Can you pls help me with this and language:eng comes as a separate entity

I don't think there is a language detection function in Splunk.
Do your original events have a language field?

Hi, yes in response "language:eng" comes for english language. For spanish it would be "language"spa"

You can use any boolean eval expression inside mvfilter(), including regex match().

Hi Martin,

Thanks but it would be again a difficult taskk since other languages will contain letters as well.

One of the o/p is:
Angef
El estado del contrato solicitado no se recuper
Le statut de contrat demand
O status do contrato solicitado n
Requested status was not retrieved

From above o/p i want to extract the english one which is the last one

Hi Thanks for your response. But eng is not a fixed word. The error messages are coming in diff languages and m clubing them together as per the error code. Now in the error messages column i dont want to show all the messages from each and every language but just show the english language message. In the response language:eng is coming for english.