Solved: Need your help to write query for below requiremen...

lksridhar · ‎12-11-2016

Hi Everyone,

Could you please anyone help me to extract the seconds values from the below log, please share the query to extract the seconds value from the logs.

sameple logs:

Nov 30, 2016 09:31:04 AM CST INFO (TransactionSearchDelegateImpl.java:55) - Transaction Search Query [] Time (in seconds) = 13.206

Thanks,
Sridhar

richgalloway · ‎12-11-2016

This should do it.

... | rex "=\s+(?<seconds>[\d\.]+)" | ...

---
If this reply helps you, Karma would be appreciated.

niketn · ‎12-11-2016

Try the following rex command:

rex field=_raw "Time \(in seconds\) = (?<TimeInSec>\d+\.\d+)"

PS: Once tested push to props.conf as Field Extraction Knowledge Object, through Interactive Field Extraction or editing props.conf directly.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

richgalloway · ‎12-11-2016

This should do it.

... | rex "=\s+(?<seconds>[\d\.]+)" | ...

---
If this reply helps you, Karma would be appreciated.

Need your help to write query for below requirement.