Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how can i get each value for specific filed?

prabhunesanket1
New Member
‎04-11-2018 03:13 PM

index=test host=rider2*58* APP=TEST | rex field=_raw "*CAR:(?\d+)*" | table CAR

this is my query. But whenever i run it, i get empty values in table CAR. Can someone please help me how can i get the values populated ? everything else works fine but values are not getting displayed

Tags (1)
0 Karma
Reply

mayurr98
Super Champion
‎04-11-2018 11:14 PM

I think the problem is in the regex. can you give us sample events and let us know what do you want to extract.

0 Karma
Reply

PowerPacked
Builder
‎04-11-2018 06:47 PM

Please check with the Regex you wrote & there can be chances of failure in the earlier query as well.

Like check if index=test host=rider2*58* APP=TEST is populating any events.

& it would be helpfull, if you provide us a sample event which contains all the field values.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...