Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

extracting a field from message

chandukreddi
Path Finder
‎09-16-2020 10:09 AM

Hello Team,

I have below event and I am trying to extract this number 29120120  as a field and tried with below search but no luck, can anyone help me? 

 

source=system.log index=cassdb  ERROR AND "Failed to apply mutation locally" | rex field=_raw "Mutation\sof\s(?\d+)\s"

ERROR [SharedPool-Worker-2] 2020-09-15 20:20:00,815 StorageProxy.java:1348 - Failed to apply mutation locally : {} java.lang.IllegalArgumentException: Mutation of 29120120 bytes is too large for the maximum size of 16777216 at org.apache.cassandra.db.commitlog.CommitLog.add(CommitLog.java:256) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Keyspace.applyInternal(Keyspace.java:596) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Keyspace.apply(Keyspace.java:477) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Mutation.apply(Mutation.java:210) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Mutation.apply(Mutation.java:215) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.db.Mutation.apply(Mutation.java:224) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.service.StorageProxy$8.runMayThrow(StorageProxy.java:1342) ~[cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.service.StorageProxy$LocalMutationRunnable.run(StorageProxy.java:2514) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_131] at org.apache.cassandra.concurrent.AbstractLocalAwareExecutorService$FutureTask.run(AbstractLocalAwareExecutorService.java:164) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.concurrent.AbstractLocalAwareExecutorService$LocalSessionFutureTask.run(AbstractLocalAwareExecutorService.java:136) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at org.apache.cassandra.concurrent.SEPWorker.run(SEPWorker.java:105) [cassandra-all-3.0.13.1735.jar:3.0.13.1735] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_131]

Labels (1)
Labels
0 Karma
Reply

chandukreddi
Path Finder
‎09-16-2020 12:21 PM

I have tried but none of them working 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-16-2020 12:45 PM

Please share the exact queries you ran that don't work.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

erikwie
Path Finder
‎09-16-2020 10:34 AM

egex isn't not my strong side, but this might help you

| rex field=Message "Mutation of (?<value>\d+) bytes"
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-16-2020 10:30 AM

Try this.

source=system.log index=cassdb  ERROR AND "Failed to apply mutation locally" 
| rex "Mutation of (?<size>\d+) bytes is too large"
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...