Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to write a regular expression for my use case?

sravankaripe
Communicator
‎11-01-2016 01:08 PM 
11-01-2016 14:53:32.199 -0500 INFO  StreamedSearch - Streamed search connection terminated: search.......................

11-01-2016 15:01:31.638 -0500 WARN  DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event....................

i have a use case to display the messages for all log levels. Please help me in writing the rex for this case.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎11-01-2016 01:21 PM

Assuming the location of log_level field is fixed in your events (after timestamp), then give this a try

your base search | rex "^(\S+\s+){3}(?<log_level>\S+)"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎11-01-2016 01:21 PM

Assuming the location of log_level field is fixed in your events (after timestamp), then give this a try

your base search | rex "^(\S+\s+){3}(?<log_level>\S+)"
0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎11-01-2016 01:15 PM

A similar request at Search time indexing failing with certain field name

0 Karma
Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎11-01-2016 01:14 PM

Try this 

Base Search | rex (?P<Messages>(?<=INFO|WARN).+\B)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...