Solved: Re: How to get the value from the json file using ...

anooshac · ‎07-29-2021

Hi all,

I have a multiple json files. The format is like as below.

{
"ID": "123",
"TIME": "Jul 11, 2021, 08:55:54 AM",
"STATUS": "FAIL",
"DURATION": "4 hours, 32 minutes",
}

From these json files i want to use the DURATION field and convert the value into hours. After that i want to use these values of all the json files to plot a graph.

I have used regex to extract the value, but its not working. Below is the query that i have used.

| rex field=DURATION "(?<duration_hour>\d*)hours, ?(?<duration_minute>\d*)minutes"
| eval DURATION=duration_hour+(duration_minute)/60

can anyone please tell me what is mistake here?

kamlesh_vaghela · ‎07-29-2021

Try this

| rex field=DURATION "(?<duration_hour>\d*)\shours, ?(?<duration_minute>\d*)\sminutes"
| eval DURATION=duration_hour+(duration_minute)/60

View solution in original post

kamlesh_vaghela · ‎07-29-2021

Try this

| rex field=DURATION "(?<duration_hour>\d*)\shours, ?(?<duration_minute>\d*)\sminutes"
| eval DURATION=duration_hour+(duration_minute)/60

anooshac · ‎07-29-2021

Thank you so much!! It is working properly.. Can you please explain that query?

kamlesh_vaghela · ‎07-29-2021

Actually you did everything. I have just corrected your regular expressions

You missed space (\s) before hours and minutes

Happy Splukning

🙂

anooshac · ‎07-29-2021

yeah.. Got it! Thanks once again!!

How to get the value from the json file using regex?

regex

rex

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk