Solved: want to extract field values from log and perform ...

nhatode · ‎12-15-2021

Hi,

Below is my Log:

"{"log":"{'URI': '/api/**/***/search?', 'METHOD': 'POST', 'FINISH_TIME': '2021-Dec-15 12:15:04 CST', 'PROTOCOL': 'http', 'RESPONSE_CODE': 202, 'RESPONSE_STATUS': '202 ACCEPTED', 'RESPONSE_TIME': 4.114464243873954} ","service_name":"Digdug/digdug","container":"Digdug-digdug-2","environment":"PROD"}"

Want to extract "RESPONSE_CODE" value

And show like below

RESPONSE_CODE	Count
202	1
200	6

Thanks

johnhuang · ‎12-15-2021

| rex "RESPONSE_CODE\'\:\s(?<RESPONSE_CODE>\d+)"
| stats count as Count by RESPONSE_CODE

edit: looks like @richgalloway beat me to it.

View solution in original post

richgalloway · ‎12-15-2021

Here's one way.

<your search for Log>
| rex "RESPONSE_CODE':\s*(?<RESPONSE_CODE>\d+)"
| stats count by RESPONSE_CODE

---
If this reply helps you, Karma would be appreciated.

johnhuang · ‎12-15-2021

| rex "RESPONSE_CODE\'\:\s(?<RESPONSE_CODE>\d+)"
| stats count as Count by RESPONSE_CODE

edit: looks like @richgalloway beat me to it.

want to extract field values from log and perform stats on it.

stats

Data Management Digest – November 2025

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Are you a member of the Splunk Community?

want to extract field values from log and perform stats on it.

stats

Data Management Digest – November 2025

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...