Splunk Search

Windows Software Installation: Extract from Message Field

rmsit
Communicator

Hello, everyone. I am new to regular and Perl expressions and am attempting to extract the Product Name, Product Version and Product Language from the following Message field:

Windows Installer installed the product. Product Name: Java 7 Update 71. Product Version: 7.0.710. Product Language: 1033. Installation success or error status: 0.

What would be the best way to extract so I can search by Product, Version or Language? Thanks.

0 Karma
1 Solution

musskopf
Builder

Try to create a field extraction for your source type and use the following expression:

^Windows Installer.+\. Product Name: (?P<productName>.+)\. Product Version: (?P<productVersion>.+)\. Product Language: (?P<productLanguage>.+)\. Installation.+$

One thing I normally do is to open the site http://regex101.com/ and try the expression there. It's very helpful to understand what you're selecting.

0 Karma
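
Added example, not part of the original posts: the expression from the answer above run through Python's `re` module against the message from the question and three constructed messages, next to a tighter variant that also captures the status code so failed installs can be filtered out. `STRICT_RE`, the `status` group, the function names and all sample messages except the first are assumptions made for illustration.

```python
import re

# Expression from the answer above, unchanged (Python accepts (?P<name>...) too).
ANSWER_RE = re.compile(
    r"^Windows Installer.+\. Product Name: (?P<productName>.+)"
    r"\. Product Version: (?P<productVersion>.+)"
    r"\. Product Language: (?P<productLanguage>.+)\. Installation.+$"
)

# Assumed tighter variant (not from the thread): lazy product name, numeric
# version and language, plus the trailing status code as a fourth field.
STRICT_RE = re.compile(
    r"^Windows Installer installed the product\. "
    r"Product Name: (?P<productName>.+?)\. "
    r"Product Version: (?P<productVersion>\d+(?:\.\d+)*)\. "
    r"Product Language: (?P<productLanguage>\d+)\. "
    r"Installation success or error status: (?P<status>\d+)\.$"
)

# First message is the one from the question. The others are constructed: a name
# containing periods, a failed install (non-zero status), an unrelated message.
SAMPLES = [
    "Windows Installer installed the product. Product Name: Java 7 Update 71. "
    "Product Version: 7.0.710. Product Language: 1033. "
    "Installation success or error status: 0.",
    "Windows Installer installed the product. Product Name: Example .NET Tool 4.5.1. "
    "Product Version: 4.5.50938. Product Language: 1033. "
    "Installation success or error status: 0.",
    "Windows Installer installed the product. Product Name: Example Agent. "
    "Product Version: 2.1.0. Product Language: 1031. "
    "Installation success or error status: 1603.",
    "Windows Installer requires a system restart.",
]

def extract(pattern, message):
    """Return the named groups as a dict, or None when the message does not match."""
    m = pattern.search(message.strip())
    return m.groupdict() if m else None

def successful_installs(messages):
    """(name, version, language) for each install that reported status 0."""
    rows = (extract(STRICT_RE, msg) for msg in messages)
    return [(r["productName"], r["productVersion"], r["productLanguage"])
            for r in rows if r and r["status"] == "0"]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(extract(ANSWER_RE, msg))
    print(successful_installs(SAMPLES))
```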

rmsit
Communicator

Thank you! Greatly appreciated.

0 Karma