Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Field Extractor Utility: Why am I getting error "The extraction failed. If you are extracting multiple fields, try removing one or more fields..."?

Rotema
Path Finder
‎11-09-2015 11:56 PM

Hi,

I Have the following event in Splunk:

Message=WriteLoadTimeToLog at offset 259 in file:line:column <filename unknown>:0:0 message: Page URL:https://dudu.dudu.com/contentshow.aspx?id=5333493&type=2 Total page load time:4.6264926s [Server side load time:0.0624926s; Client side load time:4.564s] Objects load time:[ customer:1.27s customerContact:0.165s customerFinance:0.285s customerActivities:1.089s customerToolsActivities:3.34s customerSystemActivities:4.478s customerOffersHistory:4.08s customerReceivedEmails:2.622s customerDeposits:1.635s customerWithdrawals:3.249s contactLeads:2.841s relatedCustomer:0.002s customerCrtmEvents:0s customerContactActivities:0.001s customerDemoAccounts:0s customerSentEmails:0.001s customerAssignHistory:0s customerSerialInfo:0s emailMarketing:0s ]

I'm trying to extract a new field with the Field Extractor utility, so I highlighted Total page load time:, but I'm getting the error:

The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings

Can anyone help?
Thanks in advance,
Rotem

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎11-10-2015 10:21 AM

Rotem

I had answered this question before. Here's the explanation. For what you need, you can use a regex to extract the field. Try this regex Total page load time:(?[\d\.]+) in the field extractor.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎11-10-2015 10:21 AM

Rotem

I had answered this question before. Here's the explanation. For what you need, you can use a regex to extract the field. Try this regex Total page load time:(?[\d\.]+) in the field extractor.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...