Solved: How to write the regex to extract a number within ...

pavanae · ‎10-05-2015

The following were the strings visible in my Splunk search results…

An error occurred at line: 127 in the jsp file: /uk/store.jsp
An error occurred at line: 23 in the jsp file: /browse/find_it_content.jsp
An error occurred at line: 1 in the jsp file: /browse/find_it_content.jsp

Now I want to extract the field and display the count for the path that appears after the string An error occurred at line: 1 in the jsp file: and also for the line number it appeared.

Need the results like this :

Line_number        file                   count
56                 /browse/stats.jsp      (some count)
….                 ……..                   (some count)

richgalloway · ‎10-05-2015

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎10-05-2015

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count

---
If this reply helps you, Karma would be appreciated.

pavanae · ‎10-05-2015

Worked Great Thanks.

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

Are you a member of the Splunk Community?

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud