Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Field Extractor Utility: Why am I getting error "The extraction failed. If you are extracting multiple fields, try removing one or more fields..."?

Rotema
Path Finder
‎11-09-2015 11:56 PM

Hi,

I Have the following event in Splunk:

Message=WriteLoadTimeToLog at offset 259 in file:line:column <filename unknown>:0:0 message: Page URL:https://dudu.dudu.com/contentshow.aspx?id=5333493&type=2 Total page load time:4.6264926s [Server side load time:0.0624926s; Client side load time:4.564s] Objects load time:[ customer:1.27s customerContact:0.165s customerFinance:0.285s customerActivities:1.089s customerToolsActivities:3.34s customerSystemActivities:4.478s customerOffersHistory:4.08s customerReceivedEmails:2.622s customerDeposits:1.635s customerWithdrawals:3.249s contactLeads:2.841s relatedCustomer:0.002s customerCrtmEvents:0s customerContactActivities:0.001s customerDemoAccounts:0s customerSentEmails:0.001s customerAssignHistory:0s customerSerialInfo:0s emailMarketing:0s ]

I'm trying to extract a new field with the Field Extractor utility, so I highlighted Total page load time:, but I'm getting the error:

The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings

Can anyone help?
Thanks in advance,
Rotem

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎11-10-2015 10:21 AM

Rotem

I had answered this question before. Here's the explanation. For what you need, you can use a regex to extract the field. Try this regex Total page load time:(?[\d\.]+) in the field extractor.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎11-10-2015 10:21 AM

Rotem

I had answered this question before. Here's the explanation. For what you need, you can use a regex to extract the field. Try this regex Total page load time:(?[\d\.]+) in the field extractor.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...