Solved: help to extract value from field with rex function

ivana27 · ‎01-19-2021

Hi,

please help. I would like to see in table (to extract with rex) value of field paid. Log is:

2020-12-23 12:14:42.744 [Error] ## Get Sap NOK --> Check:OK (type:aaaa, paid:111.00EUR, change:0.00EUR, changeDddd:0.00EUR) - fffff:OK - rrrrr:NOT_STARTED - bbbb:NOT_STARTED - bnbn: - sn: - gggg:3333 - rererere:54554545- ererr:2

Thank you very much

Iv

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

help to extract value from field with rex function

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation