Can someone please help me with this?
I just start using splunk and I cannot figure out this, what I need is to extract the guestid in this example:
"http_body": "{\"data\":{\"guest\":{\"profileStatus\":\"A\",\"guestId\":123456789
Thanks in advance.
Try Below rex command-
|makeresults|eval _raw="\"http_body\": \"{\"data\":{\"guest\":{\"profileStatus\":\"A\",\"guestId\":123456789"|rex "guestId\\\":(?<a>\d+)"
For testing you can use https://regex101.com/
