Solved: Regex, Split into fields and timechart

borisalves · ‎08-02-2011

I have several of this kind:

8/2/11 2:20:57.000 PM  2011-08-02 14:20:57 Err: DeliveryPolicy:: _deliverRequest: failed to route request[42] for [TestRPC.1@G2MP2:getTestManagementURL] from peer 810607[ept] [(2008) "ECError::eNotFound"]
host=g2megw22.las.expertcity.com   Options|  sourcetype=egw   Options|  source=/opt/ec/egw/logs/egw_g2m_live_g2megw22.las.expertcity.com-1-20110802.log   Options

I need to Extract :

[TestRPC.1@G2MP2:getTestManagementURL]

Than Split into a fields:

Service=TestRPC.1@G2MP2
Method=getTestManagementURL

I will present this as a histogram with timechart.

I have not been sucessful so far with rex
thanks

borisalves · ‎03-04-2013

Here is the final result:

"failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by service and then "failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by method

I will try to combine both graphs.

View solution in original post

borisalves · ‎03-04-2013

Here is the final result:

"failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by service and then "failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by method

I will try to combine both graphs.

Regex, Split into fields and timechart

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

Regex, Split into fields and timechart

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...