Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to filter an word from a string using SPL?

ABHAYA
Path Finder
‎03-21-2023 03:51 AM

e.g. input : CustomerService API call compeled in 105 ms Expected output : Customerservice  105 (in some graphical reprentation)

Labels (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2023 06:15 AM

Did you include the '+' after the '\d'?

View solution in original post

Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-28-2023 05:02 AM

@ITWhisperer  How can we remove specific  service from the result of splunk query. Our splunk query gives below result but we dont want ExampleService in our response . How can we remove using SPL.

We tried Servicename !=ExampleService. it is not working .Please suggest what need to be done here?

e.g. Input : customerservice  56 ms.

                     ExampleService   12  ms

 

Expected output  customerservice  56.

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-28-2023 05:05 AM

Exactly what did you try - please share your SPL search

0 Karma
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-29-2023 03:06 AM

@ITWhisperer  I  got expected result by ServiceName != <value_to_be_added> in the last of SPL query. Thank you for your response.

0 Karma
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-24-2023 03:31 AM

@ITWhisperer  Thanks. The solution provided by you worked for me.How can we  find the average time for each service call.

e.g. Input : customerservice it2-customer.com completed in 10 ms.

                    customerservice it2-customer.com   completed in 8 ms

Expected output:  customerservice   9.

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-24-2023 03:47 AM 
| stats avg(completion_time) as avg_completion_time by API
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-21-2023 06:08 AM

It is returning only the 1st digit of the number not the whole number. for e.g. returning 1 for 105.is there  any  way to improve  above  query.

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2023 06:15 AM

Did you include the '+' after the '\d'?

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2023 05:21 AM 
| rex "(?<API>\w+) API call completed in (?<completion_time>\d+) ms"
0 Karma
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-23-2023 03:10 AM

@ITWhisperer  Thanks. The solution provided by you worked for me. but if the host name contains ip which contains number e.g.it2 or uat2 so it returns first number which is wrong. is it  better way to find a  number which is present in  before specific word like ms.

e.g. Input : customerservice it2-customer.com completed in 56 ms.

Expected output  customerservice  56.

Current output  customerservice 2.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-23-2023 04:17 AM 
| makeresults 
| eval _raw="customerservice it2-customer.com completed in 56 ms."
| rex "(?<API>\S+) completed in (?<completion_time>\d+) ms"
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...