field extraction for latency message

karcodsa
New Member

Hi All,

Below is my search result to get DataPower latency logs. I need to prepare a chart to display the response time for each service. The latency message provides the response time of each event in milliseconds, and I need to extract the 12th position of the latency message to prepare the charts. Can someone help me extract this field using rex?


Apr 25 20:38:29 10.142.102.50 Apr 25 20:38:29 server1 [in01_sr][latency][info] wsgw(service): trans(57567889)[10.142.99.6]: Latency: 0 566 0 527 566 522 1 3859 3941 3861 3941 3942 3936 3924 527 566 [http://10.140.102.46:9005/service]

Apr 25 18:32:17 10.142.102.50 Apr 25 18:32:17 server1 [in01_sr][latency][info] wsgw(service): trans(57567681)[10.142.99.6]: Latency: 0 64 0 32 64 26 1 847 929 848 929 930 923 912 32 64 [http://10.140.102.46:9005/service]

Apr 25 18:21:21 10.142.102.50 Apr 25 18:21:21 server1 [in01_sr][latency][info] wsgw(service): trans(57567409)[10.142.99.6]: Latency: 0 19 0 19 19 14 1 757 808 758 808 808 803 790 19 19 [http://10.140.102.46:9005/service]


kingsizebk
Path Finder

Are you interested in a DataPower app for Splunk that will provide much deeper Latency details? It also has several other features that are useful to DP operations, development and business teams....

jmacera
Engager

Is there a DataPower app for Splunk? I really would like to get the DataPower records formatted better in Splunk so that I can do stats by Web Service.

Ayn
Legend

Latency:\s+(?:\d+\s+){11}(?<response_time>\d+)
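
The pattern in the answer above, checked against the sample events from the question and averaged per service, as an added example that is not part of the original thread. JavaScript is used because its named-group syntax accepts the pattern exactly as posted; `SERVICE_RE`, the function names and the shortened fourth event are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Only LATENCY_RE is the answer's
// pattern; SERVICE_RE, the function names and the fourth event are assumptions.

// Verbatim from the answer: skip 11 numbers after "Latency:", capture the 12th.
const LATENCY_RE = /Latency:\s+(?:\d+\s+){11}(?<response_time>\d+)/;
// Assumed: the service is identified by the bracketed URL that ends the event.
const SERVICE_RE = /\[(?<service>https?:\/\/[^\]\s]+)\]\s*$/;

// First three events are copied from the question; the fourth is constructed
// with only four latency values to show the no-match case.
const SAMPLE_EVENTS = [
  "Apr 25 20:38:29 10.142.102.50 Apr 25 20:38:29 server1 [in01_sr][latency][info] wsgw(service): trans(57567889)[10.142.99.6]: Latency: 0 566 0 527 566 522 1 3859 3941 3861 3941 3942 3936 3924 527 566 [http://10.140.102.46:9005/service]",
  "Apr 25 18:32:17 10.142.102.50 Apr 25 18:32:17 server1 [in01_sr][latency][info] wsgw(service): trans(57567681)[10.142.99.6]: Latency: 0 64 0 32 64 26 1 847 929 848 929 930 923 912 32 64 [http://10.140.102.46:9005/service]",
  "Apr 25 18:21:21 10.142.102.50 Apr 25 18:21:21 server1 [in01_sr][latency][info] wsgw(service): trans(57567409)[10.142.99.6]: Latency: 0 19 0 19 19 14 1 757 808 758 808 808 803 790 19 19 [http://10.140.102.46:9005/service]",
  "Apr 25 18:21:22 10.142.102.50 Apr 25 18:21:22 server1 [in01_sr][latency][info] wsgw(service): trans(1)[10.142.99.6]: Latency: 0 19 0 19 [http://10.140.102.46:9005/service]",
];

// Returns { service, responseTime } or null when the event has fewer than
// 12 latency values (the pattern does not match, so no field is produced).
function extractLatency(event) {
  const lat = LATENCY_RE.exec(event);
  if (!lat) return null;
  const svc = SERVICE_RE.exec(event);
  return {
    service: svc ? svc.groups.service : "unknown",
    responseTime: Number(lat.groups.response_time), // milliseconds
  };
}

// Average response time per service, skipping events without the field.
function averageByService(events) {
  const totals = new Map();
  for (const event of events) {
    const row = extractLatency(event);
    if (!row) continue;
    const t = totals.get(row.service) || { sum: 0, count: 0 };
    t.sum += row.responseTime;
    t.count += 1;
    totals.set(row.service, t);
  }
  const averages = {};
  for (const [service, t] of totals) averages[service] = t.sum / t.count;
  return averages;
}

console.log(averageByService(SAMPLE_EVENTS));
```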