I have a log which looks as follows:
||pool-2-thread-1|| INFO com.tmobile.sfdc.reports.service.OpportunityService - OPPORTUNITY_JOB: List size: 41
||pool-2-thread-1|| INFO com.tmobile.sfdc.reports.service.OpportunityService - OPPORTUNITY_JOB: List size: 140
I want to get the sum of the numbers (140+41+..), and I have tried the query below:
base search| rex field=_raw "List size\"\:\"(?<size>[^\"]+)" | stats sum(size)
But it returns nothing. Can anyone please suggest what I am doing wrong?
How about this:
base search
| rex field=_raw "List size:\s(?<size>\d+)"
| stats sum(size)
Here's a working demo based on your data above:
https://regex101.com/r/LifiVU/1/
@elliotproebstel how can I change the above query if it is the date? For example, if the log contains a line like
||pool-2-thread-1|| INFO com.tmobile.sfdc.reports.batch.listener.OrderJobListener - ORDER_JOB: ACTIVE at START_TIME: 2018-05-07T06:04:46.087Z
and I want to get the value "2018-05-07T06:04:46.087Z"
How about this:
base search
| rex field=_raw "(?<date>[^ ]+$)"
Here's a demo:
https://regex101.com/r/Y06SsX/1
This regex is collecting everything between the last space and the end of the line and assigning it to a field called date.
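The three patterns from this thread, run side by side over the quoted log lines, as an added example that is not part of the original posts. It is written in Python, which spells named groups `(?P<name>...)` where Splunk's rex uses `(?<name>...)`; the stricter `ISO_TS` pattern and all function names are assumptions introduced here to show that `[^ ]+$` also captures the trailing token of lines that carry no date.

```python
import re
from datetime import datetime, timezone

# Constructed sample events, copied from the log lines quoted in the thread.
EVENTS = [
    "||pool-2-thread-1|| INFO com.tmobile.sfdc.reports.service.OpportunityService - OPPORTUNITY_JOB: List size: 41",
    "||pool-2-thread-1|| INFO com.tmobile.sfdc.reports.service.OpportunityService - OPPORTUNITY_JOB: List size: 140",
    "||pool-2-thread-1|| INFO com.tmobile.sfdc.reports.batch.listener.OrderJobListener - ORDER_JOB: ACTIVE at START_TIME: 2018-05-07T06:04:46.087Z",
]

# Pattern from the question: after SPL unescaping it requires the literal text List size":"
ASKED = re.compile(r'List size":"(?P<size>[^"]+)')
# Pattern from the first answer: colon, one whitespace character, then digits.
SIZE = re.compile(r"List size:\s(?P<size>\d+)")
# Pattern from the second answer: everything after the last space.
LAST_TOKEN = re.compile(r"(?P<date>[^ ]+$)")
# Assumption (not from the thread): accept only the timestamp shape shown in the sample line.
ISO_TS = re.compile(r"START_TIME:\s(?P<date>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z)$")

def extract(pattern, group, events=EVENTS):
    """Return the named group for each event the pattern matches; non-matching events yield nothing."""
    return [m.group(group) for m in (pattern.search(e) for e in events) if m]

def sum_sizes(pattern, events=EVENTS):
    """Rough equivalent of `| stats sum(size)`: None when no event produced a size value."""
    sizes = [int(s) for s in extract(pattern, "size", events)]
    return sum(sizes) if sizes else None

def parse_ts(value):
    """Convert the extracted string into a timezone-aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

if __name__ == "__main__":
    print("question pattern sum:", sum_sizes(ASKED))
    print("answer pattern sum:  ", sum_sizes(SIZE))
    print("last-token matches:  ", extract(LAST_TOKEN, "date"))
    print("strict timestamp:    ", [parse_ts(v).isoformat() for v in extract(ISO_TS, "date")])
```

If the base search returns both kinds of events, anchoring the extraction on `START_TIME:` keeps values such as `41` out of the date field.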