How to extract field values in a search and format...

akash_akkis · ‎09-05-2014

Hi I am new to splunk I wanted to extract data from logs that have a particular string with a value and only return data the logs format I have searched in below format

   ID: 2999
   Payload: {"Audit":{"__queryElapsedTime":"267","__requestReceived":"2014.09.04 06:01:04.560
   Address: sdfjkjsdljsjdjjkljsd";k;lklsdk

I wanted to search ID , Payload , Address and list in table format

 ID            Address                 Payload
2999     sdjsdjj;'lkdfj;ksfdk        {"Audit":{"queryElapsedTime":"267","requestReceivePlease

help me I am stuck with prod issue.

tom_frotscher · ‎09-05-2014

Hi!

If the above is what your events look like you should be able to do the field extraction with an regular expression. Your search would then look something like:

...| rex "ID:\s+(?<ID>\d+)\s+Payload:\s+(?<Payload>.*)\s+Address:\s+(?<Address>.*)$" | table ID Payload Address

Greetings

Tom

akash_akkis · ‎09-05-2014

Hey Tom thanks for the answer but data is not populated in Table giving blank result

How to extract field values in a search and format in a table?

Splunk Observability for AI

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Join the Conversation

How to extract field values in a search and format in a table?

Splunk Observability for AI

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!