To extract a string which has numeric value and ge...

minaljain · ‎04-09-2019

I have logs in splunk as mentioned below
3/22/19
2:05:44.000 PM

Date = 2019-03-22 13:58:19,827 | Level = INFO | RequestID = 5131ffcba936427599a228951e21 | ErrorCode = (null) | ErrorMessage = Records details | Alert = false | Message = Manufacture:Actia;Total Records:1;Processed Records:1;Failed Records:0

In the above log there is a field called Message which has string with the information of the Manufacture and number of records.
I need to write a query which extracts Total number of records , processed records and failed records value and get the count and show it in a bar chart.

Below is the query which i have written which is not giving the expected result
index =".." "Failed Records" "Manufacture:Actia" |rex field=_raw "Total Records:(?\d+);Processed Records:(?\d+);Failed Records:(?\d+)" |timechart count(total) as Total, count(processed) as processed,count(failed) as Failed

i need the bar chart as attached below.
Please suggest

vnravikumar · ‎04-09-2019

Hi

To extract try this

..|rex field=Message "Manufacture\:(?P<Manufacture>\w+);Total Records\:(?P<Total_Records>\d+)\;Processed Records:(?P<Processed_Records>\d+)\;Failed Records\:(?P<Failed_Records>\d+)"

To extract a string which has numeric value and get the count

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!