Need the output of list of usernames and timestamp...

ravir_jbp · ‎02-12-2021

Need the output of list of usernames and timestamp of the event in the splunk string for below event. We have list of users that I need to see logged in the event.

2021-02-12 03:15:37,681 ERROR [com.avc.services.avc.service.HoverTextService] - Unexpected exception in hovertext() Message: Invalid 'username' value: user 'test1' does not exist in system""""



Currently I am using search like:

index=abc "Invalid 'username'" Message | rex "user\ \'(?<user>[^\']*)\"" 

But I am not getting the expected results. I am expecting the results like:

username         timestamp

user1                   2021-02-12 03:15:37

user2                  2021-02-12 03:15:37

ITWhisperer · ‎02-12-2021

It looks like the last escaped double quote should be an escaped single quote

index=abc "Invalid 'username'" Message | rex "user\ \'(?<user>[^\']*)\'"

Need the output of list of usernames and timestamp of the event in the splunk string

regex

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Need the output of list of usernames and timestamp of the event in the splunk string

regex

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?