Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Regex, Split into fields and timechart

borisalves
Path Finder
‎08-02-2011 02:38 PM

I have several of this kind:

8/2/11 2:20:57.000 PM  2011-08-02 14:20:57 Err: DeliveryPolicy:: _deliverRequest: failed to route request[42] for [TestRPC.1@G2MP2:getTestManagementURL] from peer 810607[ept] [(2008) "ECError::eNotFound"]
host=g2megw22.las.expertcity.com   Options|  sourcetype=egw   Options|  source=/opt/ec/egw/logs/egw_g2m_live_g2megw22.las.expertcity.com-1-20110802.log   Options

I need to Extract :

[TestRPC.1@G2MP2:getTestManagementURL]

Than Split into a fields:

Service=TestRPC.1@G2MP2
Method=getTestManagementURL

I will present this as a histogram with timechart.

I have not been sucessful so far with rex
thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

borisalves
Path Finder
‎03-04-2013 10:21 AM

Here is the final result:

"failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by service and then "failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by method

I will try to combine both graphs.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

borisalves
Path Finder
‎03-04-2013 10:21 AM

Here is the final result:

"failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by service and then "failed to route request" sourcetype="egw" | rex field=_raw "for \[(?<service>.?):(?<method>.?)\]" | timechart span=1d count by method

I will try to combine both graphs.

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...