Splunk Search

field extraction for latency message

karcodsa
New Member

Hi All,

Below is my search result to get datapower latency logs. I need to prepare a chart to display the response time by each services. The latency message provide the response time of each events in milliseconds, I need to extract the 12th position of the latency message to prepare the charts. Can someone help me to extract this field using rex?


Apr 25 20:38:29 10.142.102.50 Apr 25 20:38:29 server1 [in01_sr][latency][info] wsgw(service): trans(57567889)[10.142.99.6]: Latency: 0 566 0 527 566 522 1 3859 3941 3861 3941 3942 3936 3924 527 566 [http://10.140.102.46:9005/service]

Apr 25 18:32:17 10.142.102.50 Apr 25 18:32:17 server1 [in01_sr][latency][info] wsgw(service): trans(57567681)[10.142.99.6]: Latency: 0 64 0 32 64 26 1 847 929 848 929 930 923 912 32 64 [http://10.140.102.46:9005/service]

Apr 25 18:21:21 10.142.102.50 Apr 25 18:21:21 server1 [in01_sr][latency][info] wsgw(service): trans(57567409)[10.142.99.6]: Latency: 0 19 0 19 19 14 1 757 808 758 808 808 803 790 19 19 [http://10.140.102.46:9005/service]

Tags (1)
0 Karma

kingsizebk
Path Finder

Are you interested in a DataPower app for Splunk that will provide much deeper Latency details? It also has several other features that are useful to DP operations, development and business teams....

jmacera
Engager

Is there a DataPower app for Splunk? I really would like to get the DataPower records formatted better in Splunk so that I can do stats by Web Service.

0 Karma

Ayn
Legend
Latency:\s+(?:\d+\s+){11}(?<response_time>\d+)
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...