Solved: help to extract value from field with rex function

ivana27 · ‎01-19-2021

Hi,

please help. I would like to see in table (to extract with rex) value of field paid. Log is:

2020-12-23 12:14:42.744 [Error] ## Get Sap NOK --> Check:OK (type:aaaa, paid:111.00EUR, change:0.00EUR, changeDddd:0.00EUR) - fffff:OK - rrrrr:NOT_STARTED - bbbb:NOT_STARTED - bnbn: - sn: - gggg:3333 - rererere:54554545- ererr:2

Thank you very much

Iv

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

help to extract value from field with rex function

rex

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

help to extract value from field with rex function

rex

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!