Splunk Search

How to extract field using rex?

lucky
Explorer

Hi 

I need regular expression to extract field "timed out " by using below log ....

"Description":"Job-2069950 Error in [InfrastructureServices/Dispatcher/Interface/MQ_InterfaceDispatcher.process/JMS Queue Requestor]\nActivity timed out\n\tat com.tibco.pe.core. 

 

please help to write regular expression by using rex command  ...

Labels (2)
Tags (2)
0 Karma
1 Solution

lucky
Explorer

HI team ,

 

let me know please 
how can I get cpu amd memory usage by index and API 

0 Karma

lucky
Explorer

how to down load debugrex ..command sheet 

please provide link 

0 Karma

bowesmana
SplunkTrust
SplunkTrust
0 Karma

lucky
Explorer

thanks for it....

 

but I need to REX not for REGEX

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

@lucky regex is short for regular expression

regex101.com and regexbuddy.com (as provided by @bowesmana ) are both sites which provide ways of testing regular expressions (regex)

In Splunk, the rex and regex commands both use regular expressions (as do other functions in Splunk). Whether you want rex or regex, both the sites mentioned are useful tools for working out what your particular regex should be.

rex - Splunk Documentation

regex - Splunk Documentation

0 Karma

lucky
Explorer

Hi 

please help below 

message :   httpStatusCode=300 method=GET uri=/ralt/gart/readyness uuid=-

need uri field

 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Try something like this

 

| rex "uri=(?<uri>\S+)"

 

0 Karma

lucky
Explorer

HI 

"citiuuid":"3faa9e6e-c66d-4e52-898e-207219e87d9a","uriTemplate":"/v1/security/onlineBanking/registrations/status","method":"GET","apiStartTimestamp":1694413789916,

 

I need to extract uriTemplate  field 

please help on this 

0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @lucky .. for the rex beginners, i have created this youtube playlist.. pls check it, thanks. .

https://www.youtube.com/watch?v=rXT35CnWorw&list=PLIJcAov3YzES8PJSX8gZ8cTHWsjh8KeyG

 

Youtube channel link is:

https://www.youtube.com/@SiemNewbies101

 

ITWhisperer
SplunkTrust
SplunkTrust
| rex "uriTemplate\":\"(?<uri>[^\"]+)"
0 Karma

lucky
Explorer

thanks.....

 

please help below 

message: 

(loggingfilterresults) - GET|/ready/term/planess|||||||metrics

need uri field

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Which part is the uri field?

0 Karma

lucky
Explorer

/ready/term/planess

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| rex "(?<uri>/ready/term/planess)"
0 Karma

lucky
Explorer

thanks 

 

but I have number of uri's

same pattern

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What is the pattern? Please describe it in more detail. (Regular expressions work by finding patterns but you have to be able to precisely describe the pattern.)

0 Karma

lucky
Explorer

thanks ....

 we need a chart showing the timeout errors per Country...

can you please help on this 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @lucky ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
<your search> "Activity timed out"
| stats count by country
0 Karma

lucky
Explorer

thanks......

 

I need show  linechart ...

X -axis   success percentage 
y-axis     time 
with respect to country code wise 

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...