Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

How do I extract a string from my sample log using the rex command?

kumina
New Member
โ€Ž07-06-2015 12:10 AM

How do I extract the string from MSG: till EL from the sample log below using the rex command?

BL: | LL: ERROR | TS: 2015-06-05 13:42:28,544 | AR: RxC_15.01.24.01 | STORE: 09560:wks02 | USER: 0589263 | HOST: wks02 | APPSERVER: rri1rxappa60/10.92.227.28 | MSGID: 09560-wks02-SCRRXDE01NewPrescriptionP-1433526148422: |SC: [com.cvs.rxconnect.web.RxConnectWebEntry.doPost] | MSG: EXCP Error completing service call com.cvs.rxconnect.rx.service.RxFillService.saveAIDetail | java.lang.NullPointerException
                at com.cvs.rxconnect.modeleValue194)
                at com.cvs.rxconnect.ai.boundary.(RxpAdditionalInfoBoundaryImpl.java:331)
                at com.cvs.rxconnect.ai.persistor.(istorImpl.java:9626)
                at com.cvs.rxconnect.ai.service.(AdditionalInfoServiceImpl.java:998)
                at com.cvs.rxconnect.rx.service.R(FillServiceImpl.java:11319)
                at com.cvs.rxconnect.rx.service.Re(<generated>)
                at net.sf.cglib.reflect.FastMethod.invoke(53)

:EL
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
โ€Ž07-06-2015 04:50 AM

This works on regex101.com:

... | rex "(?s)MSG:(?P<string>.*):EL" | ...
---
If this reply helps you, an upvote would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
โ€Ž07-10-2015 04:52 AM

If this solved your problem, please accept the answer.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply