Splunk Search

How to extract a value into a field from a string?

New Member

I have this string :
Leaving className=com.vsp.il.drools.business.spring.SpringRulesBusinessImpl. processRequest(com.vsp.claim.validatedclaim.service.limitation.model.ServiceLimitationValidationRequest@5462cb51):runningtime=4ms.

I want to chart the time consumption per ruleset where ruleset is ServiceLimitationValidation

I am new to splunk and I am thinking I need to use regex and a timechart to get there. But I am not able to get the correct syntax.

Appreciate any help !

0 Karma


This should get you started. It puts 'ServiceLimitationValidationRequest' into field 'ruleset' and '4' into field 'runningtime'.

your base search | rex "processRequest\(.*?(?<ruleset>\w*)@.*\):runningtime=(?<runningtime>\d+)" | ...
If this reply helps you, an upvote would be appreciated.
0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!