- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gvssaicharan
Engager
04-17-2020
10:30 AM
I built a regular expression to extract fields from a log file. However, after extracting I am not able to display the extracted fields in table format. The regular expression seems to be working online. https://regex101.com/r/ZcYOhG/2
I want to display the extracted fields in a table format. Can someone help me?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mayurr98
Super Champion
04-17-2020
11:21 AM
try this:
index=<your_index>
| rex field=_raw "transactionId=(?<transactionId>[^\}]+)\}.*ResourceId\:\s(?<featureName>[^\,]+),.*CPNYID_(?<companyId>\d+)_AID_(?<aPaymentId>\d+)"
| stats count by aPaymentId companyId featureName transactionId
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mayurr98
Super Champion
04-17-2020
11:21 AM
try this:
index=<your_index>
| rex field=_raw "transactionId=(?<transactionId>[^\}]+)\}.*ResourceId\:\s(?<featureName>[^\,]+),.*CPNYID_(?<companyId>\d+)_AID_(?<aPaymentId>\d+)"
| stats count by aPaymentId companyId featureName transactionId
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gvssaicharan
Engager
04-17-2020
11:47 AM
Thank you for the quick reply. It worked well.
Can you explain why the same regex did not worked in splunk as is.
You made little tweaks in the expression.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mayurr98
Super Champion
04-17-2020
11:17 AM
whats the query you are using to display the fields in table format?
