How do I pull text our of a log to create a visual...

roderickjones · ‎10-23-2020

Hi,

This might be a super basic question but I have a log and I need to create a dashboard that represents a value found in each log for that day of a file uploaded and the count of the records

EXAMPLE

: 153 cases created out of 411 import case records for file: clientfile_20201023160218.cdreq.pgp

I need a graph that will pull the "153" out of this raw log each day.

roderickjones · ‎10-23-2020

Oct 23 23:15:08 myhost cdrn-issuer-import: <14>160349490844366260 cdrn-issuer-import com.cdrn.issuer.imports.batch.CdrnVersion3ItemWriter[bdfef334b18c4ee7a91a5b1a9f42656f]: 37 cases created out of 20 import case records for file: VICFT_2020102319_01.txt.pgp

host = myhost
index = syslog
source = /var/log/syslog
sourcetype = syslog

alemarzu · ‎10-23-2020

Hi @roderickjones, can you share an event sample?

Something like this perhaps?

your_base_search
| rex "\]: (?<caseCount>\d+)[\w\s]+(?<importCount>\d+)[^\:]+:\s(?<fileName>[^\s]+)"
| timechart sum(caseCount) as totalCases, sum(importCount) as totalImports span=1d

Sidenote, replace the `sum` function for `values` if you only have 1 file per day.

How do I pull text our of a log to create a visual?

count

metadata

search job inspector

timechart

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?