Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What's Wrong With This Query?

ahcarpenter
Engager
‎12-12-2020 10:41 AM

Hi,

 

Any thought off-hand as to what I'm not accounting for?

Looking to extract values from a field in unstructured logs.

Example event:

... { X-Request-Id:[<36_characters_of_interest>] .....

Was attempting to pull it from a named capture group (whose regex itself matches the correct characters), but no luck with any data showing up in the table.

index="k8s_events" real-estate-app X-Request-Id
| regex (?<x_request_id>(?<=X\-Request\-Id\:\[).............................................)
| table x_request_id

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎12-12-2020 11:14 AM 
| rex "X\-Request\-Id\:\[(?<x_request_id>.{36})"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎12-12-2020 11:14 AM 
| rex "X\-Request\-Id\:\[(?<x_request_id>.{36})"
0 Karma
Reply
Solved! Jump to solution

ahcarpenter
Engager
‎12-12-2020 12:35 PM

Thank you!!

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...