Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you extract the number of orders processed?

orchapellico
Explorer
‎12-26-2018 10:15 AM

I am trying to use regex to get the number of orders processed in the example below.

Number for orders processed: 36
Time for Picking Wave in Secs: 29 secs
Time for label printing in Secs: 2 secs
Time for entire wave in Secs: 37 secs

I am using this but not seeing why is it isn't working.

rex field=_raw "Number for orders processed"\:\s"(?)\s(\d+)"
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-26-2018 11:03 AM

When writing SPL in an Answers posting, be sure to surround the query in backticks (`) so the content is preserved.

Your rex command looks close, but not quite there. Try this. It looks for the label text followed by a colon and at least one space. It then looks for at least one digit and puts what it finds in the 'orders' field.

rex "Number for orders processed:\s+(?<orders>\d+)"

regex101.com is an excellent resource for testing regular expressions.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-26-2018 11:03 AM

When writing SPL in an Answers posting, be sure to surround the query in backticks (`) so the content is preserved.

Your rex command looks close, but not quite there. Try this. It looks for the label text followed by a colon and at least one space. It then looks for at least one digit and puts what it finds in the 'orders' field.

rex "Number for orders processed:\s+(?<orders>\d+)"

regex101.com is an excellent resource for testing regular expressions.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

orchapellico
Explorer
‎12-26-2018 12:26 PM

Thank you that is what I needed and makes more sense, I was close on this.

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top