Splunk Search

Help with Field Extraction Using Regex

MaddyRaj
Engager

I have 2 requests here.

I am trying to extract and create a new field from logs.

Logs for request 1:

 

 

2023-06-30 02:36:32 [INFO] [c6ea0e48-e793-4c35-893e-ff1f253dbca0] {"method":"GET","path":"/api/v2/organizations/infrastructure/workspaces","format":"jsonapi","status":200,"duration":377.88,"view":263.86,"db":65.86,"uuid":"c6ea0e48-e793-4c35-893e-ff1f253dbca0","remote_ip":"10.37.23.55, 10.218.136.20","request_id":"c6ea0e48-e793-4c35-893e-ff1f253dbca0","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","user":"iamtfeprdadmin","organization":"infrastructure","dd"

 

 

Here I want to extract & create a new field "status"

Example: status=200

 

Request 2 Logs:

 

 

10.218.136.20 - - [30/Jun/2023:02:36:32 +0000] "GET /api/v2/runs/run-HtzBcKEKf8x75mVe/run-events?include=comment%2Cactor HTTP/1.1" 304 0 "https://terraform.srv.companyname.com.au/app/customer/workspaces/a01300-tfe-dev01-customer_infra_azure/runs/run-HtzBcKEKf8x75mVe" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"

 

 

 Here I want to extract & create a new field "org"

Example: org=customer

(Result of the org is next to app. ie. companyname.com.au/app/customer)

Please help

0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
| rex "status\":(?<status>\d+)"
| rex "\/app\/(?<org>[^\/]+)"

View solution in original post

ITWhisperer
SplunkTrust
SplunkTrust
| rex "status\":(?<status>\d+)"
| rex "\/app\/(?<org>[^\/]+)"
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...