Splunk Search

how to retrieve memory value from GC log

sangs8788
Communicator

I have below event from GC log,

2017-11-20T23:13:13.311-0800: 205957.353: [GC (Allocation Failure) 5152315K->4647798K(9100152K), 0.0800170 secs]

How do i retrieve the value for Allocation before GC ran, Allocation after GC ran, Heap memory and the GC time from the event ?

Tags (1)
0 Karma
1 Solution

sangs8788
Communicator

I got the answer through regex.

View solution in original post

0 Karma

niketn
Legend

@sangs8788, Similar question has been asked for GC Log: https://answers.splunk.com/answers/568989/garbage-collection-logs-field-extraction-from-log.html

Try the following regular expression:

\[([^\(]+)\(([^\)]+)\)[\)|\s]+(?<field1>\d+)K-\>(?<field2>\d+)K\((?<field3>\d+)K\), (?<field4>[\d|\.]+)

You can test your regular expression with sample log data on regex101.com

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

sangs8788
Communicator

I got the answer through regex.

0 Karma
Get Updates on the Splunk Community!

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...