Splunk Search

How can I extract this string from a value in my sample log?

rakeshkumar_sah
New Member

Hi,

I have logs followed with a structure like this:

start Performance Logging: [txID=123456789-EJBClientf123456789-EJBServerf12456789;funtion=getClientValue]

How can I extract the EJBServerf12356789 values from txID?

Thanks for the response.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Rex can do the job. The following will break the txID field into three parts which you can then process.

... | rex field=txID "(?P<txID1>.*)-(?P<txID2>.*)-(?P<txID3>[^;]*)" | ...
---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Heading to your first .Conf? You’re in for an unforgettable ride — learning, networking, swag collecting, ...

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Calling all Splunk developers, custom SPL builders, dashboarders, and Splunkbase app creators – the Builder ...

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you ready to take your threat hunting skills to the next level? As Splunk community members, you know the ...