Solved: Re: I have to extract field by using rex

lucky · ‎07-18-2023

Hi

I need regular expression to extract field "timed out " by using below log ....

"Description":"Job-2069950 Error in [InfrastructureServices/Dispatcher/Interface/MQ_InterfaceDispatcher.process/JMS Queue Requestor]\nActivity timed out\n\tat com.tibco.pe.core.

please help to write regular expression by using rex command ...

bowesmana · ‎09-03-2023

https://regex101.com/

https://www.regexbuddy.com/

View solution in original post

lucky · ‎09-05-2023

HI team ,

let me know please
how can I get cpu amd memory usage by index and API

lucky · ‎09-03-2023

how to down load debugrex ..command sheet

please provide link

bowesmana · ‎09-03-2023

https://regex101.com/

https://www.regexbuddy.com/

lucky · ‎09-04-2023

thanks for it....

but I need to REX not for REGEX

ITWhisperer · ‎09-04-2023

@lucky regex is short for regular expression

regex101.com and regexbuddy.com (as provided by @bowesmana ) are both sites which provide ways of testing regular expressions (regex)

In Splunk, the rex and regex commands both use regular expressions (as do other functions in Splunk). Whether you want rex or regex, both the sites mentioned are useful tools for working out what your particular regex should be.

rex - Splunk Documentation

regex - Splunk Documentation

lucky · ‎09-05-2023

Hi

please help below

message : httpStatusCode=300 method=GET uri=/ralt/gart/readyness uuid=-

need uri field

ITWhisperer · ‎09-05-2023

Try something like this

| rex "uri=(?<uri>\S+)"

lucky · ‎09-10-2023

HI

"citiuuid":"3faa9e6e-c66d-4e52-898e-207219e87d9a","uriTemplate":"/v1/security/onlineBanking/registrations/status","method":"GET","apiStartTimestamp":1694413789916,

I need to extract uriTemplate field

please help on this

inventsekar · ‎09-11-2023

Hi @lucky .. for the rex beginners, i have created this youtube playlist.. pls check it, thanks. .

https://www.youtube.com/watch?v=rXT35CnWorw&list=PLIJcAov3YzES8PJSX8gZ8cTHWsjh8KeyG

Youtube channel link is:

https://www.youtube.com/@SiemNewbies101

ITWhisperer · ‎09-10-2023

| rex "uriTemplate\":\"(?<uri>[^\"]+)"

lucky · ‎09-05-2023

thanks.....

please help below

message:

(loggingfilterresults) - GET|/ready/term/planess|||||||metrics

need uri field

ITWhisperer · ‎09-05-2023

Which part is the uri field?

lucky · ‎09-05-2023

/ready/term/planess

ITWhisperer · ‎09-05-2023

| rex "(?<uri>/ready/term/planess)"

lucky · ‎09-05-2023

thanks

but I have number of uri's

same pattern

ITWhisperer · ‎09-05-2023

What is the pattern? Please describe it in more detail. (Regular expressions work by finding patterns but you have to be able to precisely describe the pattern.)

lucky · ‎07-19-2023

thanks ....

we need a chart showing the timeout errors per Country...

can you please help on this

gcusello · ‎09-05-2023

Hi @lucky ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

ITWhisperer · ‎07-19-2023

<your search> "Activity timed out"
| stats count by country

lucky · ‎07-19-2023

thanks......

I need show linechart ...

X -axis success percentage
y-axis time
with respect to country code wise

How to extract field using rex?

regex

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation