Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Search output in tabular format
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am looking for help to extract the values from my log files
my log file has a sequence of data as follows
1.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/abc@xxx.com
Loginproviders: xxxxxxxxx
2.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/efg@jkl.com
Loginproviders: xxxxxxxxx
From the above mentioned sequence i am interested in extracting Loggedusername and its value to a tabular form, something as mentioned below
Activity user
Loggedusername xyz/abc@xxx.com
Loggedusername xyz/efg@jkl.com
How can i create a table with useful information as mentioned above.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your help.
infact there was multiple challenges was there which was like after extracting field some more data was need to be extracted in multiple line.I managed to get it solved by using "rex " and "(?m)" search command.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
