Solved: Re: Extract fields from a list

shashank111v · ‎11-09-2021

How to extract values from below log file using rex?

Log:

{Attribute(name=xyz, values={'1'}), Attribute(name=attempts, values={'2'}), Attribute(name=Count, values={'0'}), Attribute(name=MemberNumber, values={'31234'})}

Result in table:

1 2 0 31234

ITWhisperer · ‎11-09-2021

| rex max_match=0 "\{\'(?<value>[^\']+)\'\}"
| eval name=mvindex(value,0)
| eval attempts=mvindex(value,1)
| eval count=mvindex(value,2)
| eval membernumber=mvindex(value,3)

View solution in original post

shashank111v · ‎11-09-2021

Thank you! But I want to extract four different columns with values related to it.

Name attempts count membernumber

1 2 0 31234

ITWhisperer · ‎11-09-2021

| rex max_match=0 "\{\'(?<value>[^\']+)\'\}"
| eval name=mvindex(value,0)
| eval attempts=mvindex(value,1)
| eval count=mvindex(value,2)
| eval membernumber=mvindex(value,3)

ITWhisperer · ‎11-09-2021

| rex max_match=0 "\{\'(?<value>[^\']+)\'\}"

Extract fields from a list

field extraction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation