
How to extract the application name from the log file path or process in a search?

New Member

My goal is to create a list of the applications running on all servers, in the form of a table.

index=unix* host=* sourcetype=ps  user="*" user=* NOT user=root

This way I am getting all the processes owned by non-root users. I am trying to identify the application name (web, app and db): apache (with /app/apache/"application name"), jboss application name (/app/jboss/servers/"app name") and db name (pmon).

To all experts, is there any way to extract the application/db name (web/app/db) using a single search so that it can be presented as a table?

Table format:

Hostname Webname Applicationname DBname

0 Karma

Re: How to extract the application name from the log file path or process in a search?

Esteemed Legend

Try this:

... | rex field=_source "/(?:(?:app/apache)|(?:app/jboss/servers))/(?<app>[^/]*)"
0 Karma
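
One way to build the requested table in a single search, shown on constructed sample events. This is an added example, not a search posted by anyone in the thread; the host names, application names and process lines are made up, and it assumes the command line is in _raw and that the database is Oracle, whose background process is named ora_pmon_<SID>.

```spl
| makeresults count=5
| streamstats count AS n
| eval host=case(n=1, "web01", n=2, "app01", n=3, "app01", n=4, "db01", n=5, "db01")
| eval _raw=case(
    n=1, "apache 2211 /app/apache/storefront/bin/httpd -k start",
    n=2, "jboss 3120 java -Djboss.server.base.dir=/app/jboss/servers/billing",
    n=3, "jboss 3188 java -Djboss.server.base.dir=/app/jboss/servers/orders",
    n=4, "oracle 4101 ora_pmon_PRODDB",
    n=5, "oracle 4102 ora_smon_PRODDB")
| rex "/app/apache/(?<Webname>[^/\s]+)"
| rex "/app/jboss/servers/(?<Applicationname>[^/\s]+)"
| rex "ora_pmon_(?<DBname>\S+)"
| stats values(Webname) AS Webname values(Applicationname) AS Applicationname values(DBname) AS DBname BY host
| rename host AS Hostname
```

Against real data, replace everything before the first rex with the base search from the question and add field=<name> to each rex if the command line lives in an extracted field rather than _raw. Each rex leaves its field empty on events that do not match, so stats collapses the results to one row per host with only the relevant columns filled.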

Re: How to extract the application name from the log file path or process in a search?

try this:

   index=myindex | eval [rest /services/search/jobs splunk_server=local | addinfo | where sid = info_sid | rename eai:acl.app as my_app_name | return my_app_name]
0 Karma

Re: How to extract the application name from the log file path or process in a search?

New Member

Please provide a small piece of the log to create the exact regex.

0 Karma