To extract string value using regex

parthiban · ‎03-04-2024

Hi Team,

I want to extract the below field value, here the challenge is the error code 403 sometimes it will change.

"processing_stage": "Getting a response of 403 from CRM Lead"

Kindly help me to extract the message using regex or any option available.

parthiban · ‎03-04-2024

Hi @gcusello

It is not working as expected, I need to extract full string

gcusello · ‎03-04-2024

Hi @parthiban,

you hughlighted only the 403 response code, if you want the full string, you could use:

| rex "\"processing_stage\": \"(?<response>[^\"]+)"

that you can test at https://regex101.com/r/mz4c1L/2

Ciao.

Giuseppe

gcusello · ‎03-04-2024

Hi @parthiban,

if the message string is fixed, you could try:

<your_search> 
| rex "\"Getting a response of (?<response>\d+)"
| table ...

you can test this regex at https://regex101.com/r/mz4c1L/1

Ciao.

Giuseppe

To extract string value using regex

field extraction

regex

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation

To extract string value using regex

field extraction

regex

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...