Solved: help to extract value from field with rex function

ivana27 · ‎01-19-2021

Hi,

please help. I would like to see in table (to extract with rex) value of field paid. Log is:

2020-12-23 12:14:42.744 [Error] ## Get Sap NOK --> Check:OK (type:aaaa, paid:111.00EUR, change:0.00EUR, changeDddd:0.00EUR) - fffff:OK - rrrrr:NOT_STARTED - bbbb:NOT_STARTED - bnbn: - sn: - gggg:3333 - rererere:54554545- ererr:2

Thank you very much

Iv

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

help to extract value from field with rex function

rex

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Application management with Targeted Application Install for Victoria Experience

Join the Conversation

help to extract value from field with rex function

rex

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Application management with Targeted Application Install for Victoria Experience