Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

How to extract the application name from the log file path or process in a search?

vikasshinde
New Member
‎04-06-2015 05:59 PM

My goal is to create an application list running from all servers in the form of table.

index=unix* host=* sourcetype=ps  user="*" user=* NOT user=root

This way I am getting all the processes owned by nonroot users. I am trying to identify application name (web,app and db) apache(with /app/apache/"application name", jboss application name (/app/jboss/servers/"app name" and db name (pmon).

To all experts, is there any way to extract application/db name (web/app/db) using single search so that it can be presented as a table?

Table format:

Hostname Webname Applicationname DBname

0 Karma
Reply
Highlighted

Re: How to extract the application name from the log file path or process in a search?

woodcock
Esteemed Legend
‎05-13-2015 08:28 AM

Try this:

... | rex field=_source "/(?:(?:app/apache)|(?:app/jboss/servers)/(?<app>[^\]*)
0 Karma
Reply
Highlighted

Re: How to extract the application name from the log file path or process in a search?

stephane_cyrill
Builder
‎05-13-2015 09:17 AM

try this:

   index=myindex | eval [rest /services/search/jobs splunk_server=local | addinfo | where sid = info_sid | rename eai:acl.app as my_app_name | return my_app_name]
0 Karma
Reply
Highlighted

Re: How to extract the application name from the log file path or process in a search?

regexcracker
New Member
‎05-13-2015 11:23 AM

Please provide some small piece of logger to create exact regex

0 Karma
Reply
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.