Solved: Search output in tabular format - Splunk Community

Splunk Search

I am looking for help to extract the values from my log files

my log file has a sequence of data as follows

1.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/abc@xxx.com
Loginproviders: xxxxxxxxx

2.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/efg@jkl.com
Loginproviders: xxxxxxxxx

From the above mentioned sequence i am interested in extracting Loggedusername and its value to a tabular form, something as mentioned below
Activity user
Loggedusername xyz/abc@xxx.com
Loggedusername xyz/efg@jkl.com

How can i create a table with useful information as mentioned above.

1 Solution

Solution

many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps

View solution in original post

Solution

many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps

Thanks for your help.

infact there was multiple challenges was there which was like after extracting field some more data was need to be extracted in multiple line.I managed to get it solved by using "rex " and "(?m)" search command.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...