Hi what is the rex for "No is invalid. Please ask to a admin"
Here is the log:
21:32:26.729 customer modules: type="xsd:string"><response><result>ActionFail</result><errno>00000</errno><desc>No is invalid. Please ask to a admin</desc><jobid>000000</jobid><msgid>00000</msgid><cmd>info</cmd></response></return></ad1:
Thanks,
Hi @indeed_2000,
sorry but I don't understand what you realy want:
if you want to search the string, you don't need the regex and you can use the Splunk search;
If you want to use the regex command to search the string, you can use the command
| regex "No is invalid. Please ask to a admin"
Your log seems to be a Json log, so you could use the "spath" command
if you want to extract the "desc" field (that in this case is "No is invalid. Please ask to a admin"), you could use the rex command:
| rex "\<desc\>(?<desc>[^\<]+)\<\/desc\>"
or the rex command
| rex "\<desc\>(?<desc>[^\<]+)\<\/desc\>"
Let me know.
Ciao.
Giuseppe
Hi @indeed_2000,
sorry but I don't understand what you realy want:
if you want to search the string, you don't need the regex and you can use the Splunk search;
If you want to use the regex command to search the string, you can use the command
| regex "No is invalid. Please ask to a admin"
Your log seems to be a Json log, so you could use the "spath" command
if you want to extract the "desc" field (that in this case is "No is invalid. Please ask to a admin"), you could use the rex command:
| rex "\<desc\>(?<desc>[^\<]+)\<\/desc\>"
or the rex command
| rex "\<desc\>(?<desc>[^\<]+)\<\/desc\>"
Let me know.
Ciao.
Giuseppe
second rex work perfectly.
thanks