Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Get the specific string from the line

harshal_chakran
Builder
‎10-08-2013 02:12 AM

Hi,
I wanted to know is it possible to get a string at specific location from a line.

for e.g.
My line is:

STEP LOGVAL      error_Func_value/error function value      10:04:06.085         doorstep: get the directive

Now I want to show this string "10:04:06.085" as my result.

Please help.

Tags (2)
0 Karma
Reply

kristian_kolb
Ultra Champion
‎10-08-2013 02:27 AM

Is this what your actual log looks like? How are the pieces of information separated? Multiple spaces? tabs?

Assuming you have a separator of 6 spaces, like in your sample above, you can extract the the time information into a field called TimeStamp like this;

your base search | rex "\s{6}(?<TimeStamp>\d\d:\d\d:\d\d\.\d\d\d)\s{6}" | the rest of your search

Hope this helps,

K

0 Karma
Reply

kristian_kolb
Ultra Champion
‎10-08-2013 06:24 AM

"highlights the sourcetype"? I don't understand. Try this, somewhat shorter regex;

...| rex "\s{3,}(?<TimeStamp>[0-9.:]+)\s{3,}" | table TimeStamp

The last table command is just for verification purposes. Remove it if the extraction works.

0 Karma
Reply

harshal_chakran
Builder
‎10-08-2013 05:27 AM

Hi,
Thanks for the help.
But when I run this query, it highlights only the sourcetype, and what I want is to get that timestamp at output. I have tried to tweak the query, but couldn't succeed.

And the pieces of information is separated by multiple spaces.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top