Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to export the key and values in a CSV format
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to export the key and values in a CSV format
harishhari390
New Member
02-25-2020
07:26 AM
cf_app_id: *****************88
cf_app_name: ***********888
cf_ignored_app: false
cf_org_id: ***************88888888888888
cf_org_name: USA.MRCH.APP.UCOMM.CAT
cf_origin: firehose
cf_space_id: ***************88888888888888
cf_space_name:
deployment: ******************88888888888888
event_type: LogMessage
info_splunk_index: null
ip: 10.183.40.145
job: diego_cell
job_index: acb0c570-3322-4273-9704-22c54adb8894
message_type: OUT
msg: date=2020-02-25 06:28:05,346 severity=INFO service=ucom-payment-services partnerId=FP_WALLET_US walletId=FP_SERVER X-B3-TraceId=29157c3fe87e4f3dbfce5608e4ef7b55 X-B3-SpanId=c3e9b5b4f4266d84 logger=c.f.u.p.s.c.RequestPayloadMerger message=validateFundingSource value : true pid=23 thread=http-nio-8080-exec-3
origin: rep
source_instance: 1
source_type: APP/PROC/WEB
timestamp: 1582630085346462700
Now
1. How could I extract the cf_app_name -> msg field and extract the partnerid, trace id, and( eg: request and response data, which consists of body fields-Method type, etc.
2. Once extracted the Key and value of the fields from cf-app_name, I need to export the key and values in a csv format, which we use for validation in JMeter or with Macros. That's the plan, Can someone with adequate knowledge show us some light on this. Please your support is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
02-25-2020
11:46 AM
|makeresults
| eval _raw="cf_app_id: 88
cf_app_name: 888
cf_ignored_app: false
cf_org_id: 88888888888888
cf_org_name: USA.MRCH.APP.UCOMM.CAT
cf_origin: firehose
cf_space_id: 88888888888888
cf_space_name:
deployment: ****88888888888888
event_type: LogMessage
info_splunk_index: null
ip: 10.183.40.145
job: diego_cell
job_index: acb0c570-3322-4273-9704-22c54adb8894
message_type: OUT
msg: date=2020-02-25 06:28:05,346 severity=INFO service=ucom-payment-services partnerId=FP_WALLET_US walletId=FP_SERVER X-B3-TraceId=29157c3fe87e4f3dbfce5608e4ef7b55 X-B3-SpanId=c3e9b5b4f4266d84 logger=c.f.u.p.s.c.RequestPayloadMerger message=validateFundingSource value : true pid=23 thread=http-nio-8080-exec-3
origin: rep
source_instance: 1
source_type: APP/PROC/WEB
timestamp: 1582630085346462700"
| rex max_match=0 "(?<key>.*?): (?<value>.*)"
| eval _raw=mvzip(key,value,"=")
| kv
| fields - _* key value
| eval date=mvindex(split(msg,"="),1)
| fields - msg
| table * X_B3_SpanId X_B3_TraceId
Get Updates on the Splunk Community!
Index This | What goes away as soon as you talk about it?
May 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this month’s ...
What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025
This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...
Getting Started with Splunk Artificial Intelligence, Insights for Nonprofits, and ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
