thanks for it....

but I need to REX not for REGEX

@lucky regex is short for regular expression

regex101.com and regexbuddy.com (as provided by @bowesmana ) are both sites which provide ways of testing regular expressions (regex)

In Splunk, the rex and regex commands both use regular expressions (as do other functions in Splunk). Whether you want rex or regex, both the sites mentioned are useful tools for working out what your particular regex should be.

rex - Splunk Documentation

regex - Splunk Documentation

Hi 

please help below 

message :   httpStatusCode=300 method=GET uri=/ralt/gart/readyness uuid=-

need uri field

Try something like this

| rex "uri=(?<uri>\S+)"

HI 

"citiuuid":"3faa9e6e-c66d-4e52-898e-207219e87d9a","uriTemplate":"/v1/security/onlineBanking/registrations/status","method":"GET","apiStartTimestamp":1694413789916,

I need to extract uriTemplate  field 

please help on this 

Hi @lucky .. for the rex beginners, i have created this youtube playlist.. pls check it, thanks. .

https://www.youtube.com/watch?v=rXT35CnWorw&list=PLIJcAov3YzES8PJSX8gZ8cTHWsjh8KeyG

Youtube channel link is:

https://www.youtube.com/@SiemNewbies101

| rex "uriTemplate\":\"(?<uri>[^\"]+)"

thanks.....

please help below 

message: 

(loggingfilterresults) - GET|/ready/term/planess|||||||metrics

need uri field

Which part is the uri field?

/ready/term/planess

| rex "(?<uri>/ready/term/planess)"

thanks 

but I have number of uri's

same pattern

What is the pattern? Please describe it in more detail. (Regular expressions work by finding patterns but you have to be able to precisely describe the pattern.)

Hi @lucky ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

<your search> "Activity timed out"
| stats count by country

thanks......

I need show  linechart ...

X -axis   success percentage 
y-axis     time 
with respect to country code wise