Solved: REGEX

dteixeira98 · ‎07-09-2021

Hi guys, im noob in regular expressions!!

2021-07-05 23:22:12.807 +01:00 [WRN] XXXXX.Membership.Renew Long Running Request: IntegratePaymentCommand (1082 milliseconds) Jobs {"BatchSize":10,"MaxRetry":5,"$type":"IntegratePaymentCommand"}

What if I want to take [WRN] as event_level.. can be [WRN] or [ERR].
And ( xxxxx miliseconds) as time.

venkatasri · ‎07-09-2021

Hi @dteixeira98 Can you try this?

<your_search_goes_here>
| rex "\[(?<level>\w+)\].+\((?<time_taken>\d+)\s+milliseconds"

Field level will have WRN, ERR, ERROR etc and time_taken would be milliseconds.

--

An upvote would be appreciated and Accept solution if this reply helps!

View solution in original post

dteixeira98 · ‎07-09-2021

Thanks that really helped me!

venkatasri · ‎07-09-2021

@dteixeira98 Great! Appreciate if you could Accept the solution that helps others.

venkatasri · ‎07-09-2021

Hi @dteixeira98 Can you try this?

<your_search_goes_here>
| rex "\[(?<level>\w+)\].+\((?<time_taken>\d+)\s+milliseconds"

Field level will have WRN, ERR, ERROR etc and time_taken would be milliseconds.

--

An upvote would be appreciated and Accept solution if this reply helps!

REGEX

field extraction

regex

rex

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!