Solved: Search output in tabular format - Splunk Community

Splunk Search

I am looking for help to extract the values from my log files

my log file has a sequence of data as follows

1.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/[email protected]
Loginproviders: xxxxxxxxx

2.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/[email protected]
Loginproviders: xxxxxxxxx

From the above mentioned sequence i am interested in extracting Loggedusername and its value to a tabular form, something as mentioned below
Activity user
Loggedusername xyz/[email protected]
Loggedusername xyz/[email protected]

How can i create a table with useful information as mentioned above.

1 Solution

Solution

many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps

View solution in original post

Solution

many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps

Thanks for your help.

infact there was multiple challenges was there which was like after extracting field some more data was need to be extracted in multiple line.I managed to get it solved by using "rex " and "(?m)" search command.

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...