Solved: how to search using subsearch of occurence of a v...

VikashSharma47 · ‎05-24-2021

Hi Team,

I have a search query that searches for checking the busy tread and showing their occurrence in the log the value I need to print in the Splunk dashboard. We need printing bsy value beside the bsy like bsy 1,bsy 2 so we want to print those 1,2 value.

Attached the image for reference

@scelikok @gcusello and all Splunk enthusiastic please help

ITWhisperer · ‎05-24-2021

I have a space in my rex expression which you don't appear to have. Perhaps being more explicit about the space might help

| rex "(?<bsy>bsy\s\d+)"

View solution in original post

ITWhisperer · ‎05-24-2021

| rex "(?<bsy>bsy \d+)"

VikashSharma47 · ‎05-24-2021

Hi @ITWhisperer ,

I tried your given solution but it doesn't affect anything in the search. My ask is to fetch the result from the result. Actually, I need to print that bsy value which is beside it, and count for it. Attach the image for your reference. Anyway thanks a lot for looking into my queries. The result shows here in the image as bsy 3 so I need that 3 value has to printed.

ITWhisperer · ‎05-24-2021

I have a space in my rex expression which you don't appear to have. Perhaps being more explicit about the space might help

| rex "(?<bsy>bsy\s\d+)"

VikashSharma47 · ‎05-24-2021

Thanks @ITWhisperer , It's working

how to search using subsearch of occurence of a value

eval

field extraction

search job inspector

stats

subsearch

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!