Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- extracting a field from message
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
extracting a field from message
Hello Team,
I have below event and I am trying to extract this number 29120120 as a field and tried with below search but no luck, can anyone help me?
source=system.log index=cassdb ERROR AND "Failed to apply mutation locally" | rex field=_raw "Mutation\sof\s(?\d+)\s"
ERROR [SharedPool-Worker-2] 2020-09-15 20:20:00,815 StorageProxy.java:1348 - Failed to apply mutation locally : {} java.lang.IllegalArgumentException: Mutation of 29120120 bytes is too large for the maximum size of 16777216 at org.apache.cassandra.db.commitlog.CommitLog.add(CommitLog.java:256) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Keyspace.applyInternal(Keyspace.java:596) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Keyspace.apply(Keyspace.java:477) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Mutation.apply(Mutation.java:210) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Mutation.apply(Mutation.java:215) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Mutation.apply(Mutation.java:224) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.service.StorageProxy$8.runMayThrow(StorageProxy.java:1342) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.service.StorageProxy$LocalMutationRunnable.run(StorageProxy.java:2514) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_131] at org.apache.cassandra.concurrent.AbstractLocalAwareExecutorService$FutureTask.run(AbstractLocalAwareExecutorService.java:164) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.concurrent.AbstractLocalAwareExecutorService$LocalSessionFutureTask.run(AbstractLocalAwareExecutorService.java:136) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.concurrent.SEPWorker.run(SEPWorker.java:105) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have tried but none of them working
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please share the exact queries you ran that don't work.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
egex isn't not my strong side, but this might help you
| rex field=Message "Mutation of (?<value>\d+) bytes"- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this.
source=system.log index=cassdb ERROR AND "Failed to apply mutation locally"
| rex "Mutation of (?<size>\d+) bytes is too large"If this reply helps you, Karma would be appreciated.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
