Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you extract the value of output quality from the log below?

abhishekgandhe
Explorer
‎10-28-2018 11:21 PM

I want to extract the value of Output Quality from the below log.

Critical-Lab checkRcReady for batchId ==>9a508f01-4e93-4d76-9a9d-fe1cf8bd0550==true :: Output Quality 0.0%"

Output Quality is 0.0%. I want to extract this value. How do you do it with regex?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎10-29-2018 04:16 AM

Update- included the max_match - 

| makeresults | eval logs = "batchId ==>ceba8481-7806-4b03-a8c9-811bdc340a05==true :: Output Quality 7.2%
batchId ==>04b0800f-74e2-4522-bfd0-9621af9d4536==true :: Output Quality 9.5%
batchId ==>d66872a1-4cf7-433c-a86d-d7ac097537d8==true :: Output Quality 34.28%
batchId ==>3d4606ec-f607-4187-9f58-47d88f99ac0a==true :: Output Quality 90.34%"
 | rex field=logs max_match=0 "Output Quality (?P<Quality>\d+\.\d+\%)" | table Quality logs

alt text

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

Preview file
124 KB
0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎10-29-2018 04:16 AM

Update- included the max_match - 

| makeresults | eval logs = "batchId ==>ceba8481-7806-4b03-a8c9-811bdc340a05==true :: Output Quality 7.2%
batchId ==>04b0800f-74e2-4522-bfd0-9621af9d4536==true :: Output Quality 9.5%
batchId ==>d66872a1-4cf7-433c-a86d-d7ac097537d8==true :: Output Quality 34.28%
batchId ==>3d4606ec-f607-4187-9f58-47d88f99ac0a==true :: Output Quality 90.34%"
 | rex field=logs max_match=0 "Output Quality (?P<Quality>\d+\.\d+\%)" | table Quality logs

alt text

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Preview file
124 KB
0 Karma
Reply
Solved! Jump to solution

abhishekgandhe
Explorer
‎10-29-2018 11:43 PM

I just don't have 4 lines, but there are multiple lines. How to write one REGEX.
I tried below REGEX, but could not got the desired result.

index="cpsprod" sourcetype="mscs:storage:blob:cps-qa-rc-calc" "batchId ==>""==true :: Output Quality" | rex field=logs max_match=0 "Output Quality (?P\d+.\d+\%)" | table Quality

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎10-30-2018 02:21 AM

rex field=logs max_match=0

You should use the field which contains the logs.. or "_raw"

rex field=_raw max_match=0

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...