Good afternoon Splunk ninjas, I will require your assistance in designing a regex that will help me take the values inside of the [] brackets. My sample log line:
2022-09-23T13:20:25.765+01:00 [29] WARN Core.ErrorResponse - {} - Error message being sent to user with Http Status code: BadRequest:
{"Details":[{"Code":50,"FieldName":"myfield","Message":"Please supply the value of my field","Detail":null}],"Message":"Sorry, we're unable to process your request. Please check your details and try again.","UserMessage":null,"Code":1,"Explanation":null,"Resolution":null,"Category":2}
I'm interested in filtering for the values of Details: code, FieldName, Message and Detail. Many thanks for your help!
| rex "\[(?<details>\{.*\})\]"
| spath input=details
Thank you so much, this has worked. Marking it as the resolution.
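The extraction from the answer above, replayed offline as an added example (not code from the thread): Python's `re` and `json` stand in for `rex` and `spath` to show what the pattern captures on the sample event, and what happens when Details holds more than one entry. The `TWO_DETAILS` event and the helper names `rex_details` and `details_entries` are constructed for this illustration.

```python
import json
import re

# Event from the question: log line, then the JSON payload on the next line.
EVENT = (
    '2022-09-23T13:20:25.765+01:00 [29] WARN Core.ErrorResponse - {} - '
    'Error message being sent to user with Http Status code: BadRequest:\n'
    '{"Details":[{"Code":50,"FieldName":"myfield",'
    '"Message":"Please supply the value of my field","Detail":null}],'
    '"Message":"Sorry, we\'re unable to process your request. '
    'Please check your details and try again.",'
    '"UserMessage":null,"Code":1,"Explanation":null,"Resolution":null,"Category":2}'
)
# Constructed variant with a second Details entry (not from the thread).
TWO_DETAILS = EVENT.replace(
    '"Detail":null}]',
    '"Detail":null},{"Code":51,"FieldName":"other","Message":"constructed","Detail":null}]',
)

# Same pattern as the rex in the answer; Python spells the named group (?P<name>...).
REX = re.compile(r'\[(?P<details>\{.*\})\]')


def rex_details(event):
    """Return the text the rex pattern captures as `details`, or None."""
    match = REX.search(event)
    return match.group('details') if match else None


def details_entries(event):
    """Decode the JSON payload and return every object in its Details array."""
    decoder = json.JSONDecoder()
    for brace in re.finditer(r'\{', event):
        try:
            obj, _ = decoder.raw_decode(event, brace.start())
        except json.JSONDecodeError:
            continue  # this '{' does not start a JSON value
        if isinstance(obj, dict) and isinstance(obj.get('Details'), list):
            return obj['Details']
    return []


if __name__ == '__main__':
    print(rex_details(EVENT))        # one object: valid JSON on its own
    print(rex_details(TWO_DETAILS))  # "{...},{...}": not a single JSON value
    for entry in details_entries(TWO_DETAILS):
        print(entry['Code'], entry['FieldName'], entry['Message'], entry['Detail'])
```

With a single Details entry the capture is one JSON object; with several it is a comma-separated run of objects, so decoding the whole payload and walking the array is the form that keeps every entry.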