Solved: How to write the regex to extract a number within ...

pavanae · ‎10-05-2015

The following were the strings visible in my Splunk search results…

An error occurred at line: 127 in the jsp file: /uk/store.jsp
An error occurred at line: 23 in the jsp file: /browse/find_it_content.jsp
An error occurred at line: 1 in the jsp file: /browse/find_it_content.jsp

Now I want to extract the field and display the count for the path that appears after the string An error occurred at line: 1 in the jsp file: and also for the line number it appeared.

Need the results like this :

Line_number        file                   count
56                 /browse/stats.jsp      (some count)
….                 ……..                   (some count)

richgalloway · ‎10-05-2015

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎10-05-2015

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count

---
If this reply helps you, Karma would be appreciated.

pavanae · ‎10-05-2015

Worked Great Thanks.

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?