Splunk Search

extract number from a field and output to a table or new field

bablucho
Path Finder

i am trying to extract the Printed number value from the below string deriving from field3 and out put to a table or new field known as 'Printed'

Summary:

Selected: : 001558
Deceased : 000003
GoneAway : 000007
Suspended : 000023
Sent2Print : 001527
===== : ===
Printed : 001527
===== : ===

Tags (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

If I understand your question correctly, this should get you started.

... | rex field=field3 "Printed\s*:\s*(?<Printed>\d+)" | ...
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

bablucho
Path Finder

actually its not in a field 3...
the below is an extract from an event. when I try to manually extract it does not show the full event past line 18 so I thought maybe a regex will be able to pull the data 'Printed: <001527>
Selected: : 001558
Deceased : 000003
GoneAway : 000007
Suspended : 000023
Sent2Print : 001527
===== : ===
Printed : 001527
===== : ===

0 Karma

skoelpin
SplunkTrust
SplunkTrust

This should auto-extract at searchtime. If not then try adding this to your search

| rex field=field3 Printed\s\:\s(?<Printed>\d+)
| table Printed
0 Karma

richgalloway
SplunkTrust
SplunkTrust

If I understand your question correctly, this should get you started.

... | rex field=field3 "Printed\s*:\s*(?<Printed>\d+)" | ...
---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...