Solved: How do i regex the numbers for the following hung ...

prakash007 · ‎08-09-2016

Looking for a regex in 612,200(threadDuration) and 3(no.of.Threads) for the log message below...

WSVR0605W: Thread “WebContainer : 1” has been active for 612,000 milliseconds and may be hung. There are 3 threads in total in the server that may be hung.

skoelpin · ‎08-09-2016

Here's a regex that will extract the number of ms

The field is called Time

... | rex (?P<Time>(?<=been\sactive\sfor\s)\d+\,\d+(?=\smilliseconds))

Here's the regex for number of threads which the field is called Threads

... | rex (?P<Threads>(?<=There\sare\s)\d)

View solution in original post

skoelpin · ‎08-09-2016

Here's a regex that will extract the number of ms

The field is called Time

... | rex (?P<Time>(?<=been\sactive\sfor\s)\d+\,\d+(?=\smilliseconds))

Here's the regex for number of threads which the field is called Threads

... | rex (?P<Threads>(?<=There\sare\s)\d)

richgalloway · ‎08-09-2016

This works on regex101.com with your sample event.

... | rex "for (?<threadDuration>[\d,]+).*?(?<threadCount>\d+) threads" | ...

---
If this reply helps you, Karma would be appreciated.

How do i regex the numbers for the following hung thread log message...?

How to send events & findings from AWS to Splunk using Amazon EventBridge

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Are you a member of the Splunk Community?

How do i regex the numbers for the following hung thread log message...?

How to send events & findings from AWS to Splunk using Amazon EventBridge

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk