Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to filter an word from a string using SPL?

ABHAYA
Path Finder
‎03-21-2023 03:51 AM

e.g. input : CustomerService API call compeled in 105 ms Expected output : Customerservice  105 (in some graphical reprentation)

Labels (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2023 06:15 AM

Did you include the '+' after the '\d'?

View solution in original post

Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-28-2023 05:02 AM

@ITWhisperer  How can we remove specific  service from the result of splunk query. Our splunk query gives below result but we dont want ExampleService in our response . How can we remove using SPL.

We tried Servicename !=ExampleService. it is not working .Please suggest what need to be done here?

e.g. Input : customerservice  56 ms.

                     ExampleService   12  ms

 

Expected output  customerservice  56.

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-28-2023 05:05 AM

Exactly what did you try - please share your SPL search

0 Karma
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-29-2023 03:06 AM

@ITWhisperer  I  got expected result by ServiceName != <value_to_be_added> in the last of SPL query. Thank you for your response.

0 Karma
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-24-2023 03:31 AM

@ITWhisperer  Thanks. The solution provided by you worked for me.How can we  find the average time for each service call.

e.g. Input : customerservice it2-customer.com completed in 10 ms.

                    customerservice it2-customer.com   completed in 8 ms

Expected output:  customerservice   9.

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-24-2023 03:47 AM 
| stats avg(completion_time) as avg_completion_time by API
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-21-2023 06:08 AM

It is returning only the 1st digit of the number not the whole number. for e.g. returning 1 for 105.is there  any  way to improve  above  query.

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2023 06:15 AM

Did you include the '+' after the '\d'?

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-21-2023 05:21 AM 
| rex "(?<API>\w+) API call completed in (?<completion_time>\d+) ms"
0 Karma
Reply
Solved! Jump to solution

ABHAYA
Path Finder
‎03-23-2023 03:10 AM

@ITWhisperer  Thanks. The solution provided by you worked for me. but if the host name contains ip which contains number e.g.it2 or uat2 so it returns first number which is wrong. is it  better way to find a  number which is present in  before specific word like ms.

e.g. Input : customerservice it2-customer.com completed in 56 ms.

Expected output  customerservice  56.

Current output  customerservice 2.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-23-2023 04:17 AM 
| makeresults 
| eval _raw="customerservice it2-customer.com completed in 56 ms."
| rex "(?<API>\S+) completed in (?<completion_time>\d+) ms"
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Top