Solved: help to extract value from field with rex function

ivana27 · ‎01-19-2021

Hi,

please help. I would like to see in table (to extract with rex) value of field paid. Log is:

2020-12-23 12:14:42.744 [Error] ## Get Sap NOK --> Check:OK (type:aaaa, paid:111.00EUR, change:0.00EUR, changeDddd:0.00EUR) - fffff:OK - rrrrr:NOT_STARTED - bbbb:NOT_STARTED - bnbn: - sn: - gggg:3333 - rererere:54554545- ererr:2

Thank you very much

Iv

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

scelikok · ‎01-19-2021

Hi @ivana27,

You can use one of below;

Extracts 111.00EUR
| rex field=_raw "paid:(?<paid>[^,]+)"

Extracts 111.00
| rex field=_raw "paid:(?<paid>[0-9\.]+)"

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

help to extract value from field with rex function

rex

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

help to extract value from field with rex function

rex

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...