Solved: How do you extract the number of orders processed?

orchapellico · ‎12-26-2018

I am trying to use regex to get the number of orders processed in the example below.

Number for orders processed: 36
Time for Picking Wave in Secs: 29 secs
Time for label printing in Secs: 2 secs
Time for entire wave in Secs: 37 secs

I am using this but not seeing why is it isn't working.

rex field=_raw "Number for orders processed"\:\s"(?)\s(\d+)"

richgalloway · ‎12-26-2018

When writing SPL in an Answers posting, be sure to surround the query in backticks (`) so the content is preserved.

Your rex command looks close, but not quite there. Try this. It looks for the label text followed by a colon and at least one space. It then looks for at least one digit and puts what it finds in the 'orders' field.

rex "Number for orders processed:\s+(?<orders>\d+)"

regex101.com is an excellent resource for testing regular expressions.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎12-26-2018

When writing SPL in an Answers posting, be sure to surround the query in backticks (`) so the content is preserved.

Your rex command looks close, but not quite there. Try this. It looks for the label text followed by a colon and at least one space. It then looks for at least one digit and puts what it finds in the 'orders' field.

rex "Number for orders processed:\s+(?<orders>\d+)"

regex101.com is an excellent resource for testing regular expressions.

---
If this reply helps you, Karma would be appreciated.

orchapellico · ‎12-26-2018

Thank you that is what I needed and makes more sense, I was close on this.

How do you extract the number of orders processed?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector