Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

pavanae
Builder
‎10-05-2015 01:07 PM

The following were the strings visible in my Splunk search results…

An error occurred at line: 127 in the jsp file: /uk/store.jsp
An error occurred at line: 23 in the jsp file: /browse/find_it_content.jsp
An error occurred at line: 1 in the jsp file: /browse/find_it_content.jsp

Now I want to extract the field and display the count for the path that appears after the string An error occurred at line: 1 in the jsp file: and also for the line number it appeared.

Need the results like this :

Line_number        file                   count
56                 /browse/stats.jsp      (some count)
….                 ……..                   (some count)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-05-2015 01:32 PM

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count
---
If this reply helps you, an upvote would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-05-2015 01:32 PM

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count
---
If this reply helps you, an upvote would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

pavanae
Builder
‎10-05-2015 02:04 PM

Worked Great Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!