Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to parse Event to get 3rd item and pieces of 3rd item?

trent6
Explorer
‎06-09-2022 09:54 AM

I have a collection of log files that I am trying to parse. 
Quick summary:
From Apache/Tomcat using logback

I don't have permission to change the layout of the log files at the moment but can work on that

Event field from the quick parse seems to hold a lot of data that could be separated out into "Fields" via comma separation.  

I seem to need the 3rd item in Event if we could parse them by comma

Is there an easy way to do that in the query syntax?

The Event section looks like:
date,  something about a filter, THE URL THAT I WANT, other junk etc

2022-05-01 23:15:24,  calling SSO: null, /topUrl/rest/services/folder/servicename/command?moreinfoEtc, referer: Null, request ip: 10.xxx.xxx.xxx

So, I'd love to get statistics on 

topURL

ServiceName

Any help would be great.

 

Labels (1)
Labels
0 Karma
Reply

trent6
Explorer
‎06-09-2022 12:59 PM

Actually, as I look at the files, they are all CSV.  and the item that I want is th 3rd or 4th item.
How do i Splunk Free to just read the filess as csv and treat them as columns?  This should be very simple.
Take a months worth of web logs and parse them in to fields based on CSV and allow me to do some basic queries....
How do I read them in as simple csv?

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...