Splunk Search

Splunk Search content for a particular string

kaushal21rajput
New Member

Hi Team,

I have search in search head which gives output like in snapshot.
Now i want to assign a new field to client no like client 26 , client 31 . All these (client 26, client 31 etc) should have a particular field.
I have tried to used eval command but did not get exact function to be used.
Please help me . Snapshot is attached.alt text

Tags (1)
0 Karma

FrankVl
Ultra Champion

Assuming you want to extract the number into a field called client, you can do that using the rex command:

| rex "client\s+(?<client>\d+)\s+connected"

ddrillic
Ultra Champion

I think Frank meant - client\s+(?<client>\d+)\s+connected

FrankVl
Ultra Champion

Oh, yeah, sorry, forgot to post it as code, which makes the triangular brackets disappear. Fixed it :slightly_smiling_face:

0 Karma

ddrillic
Ultra Champion

Fun stuff ; -)

0 Karma

kaushal21rajput
New Member

Hi Ddrillic/FrankVI ,

I want to assign output value like "client 26 , client 36" to an another field .

These values should be visible in interesting fields.

That is my question.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...