Please find the below attached screenshot and data sample. I need to create 5 fields.

Problem statement: the old Splunk query is not working as the logging pattern got changed.

3/28/25 10:04:25.685 PM
2025-03-28T22:04:25.685Z INFO 1 --- [ool-1-thread-11] c.d.t.l.s.s.e.e.NoopLoggingEtlEndpoint : Completed generation for [DE, 2025-03-28, LOAN_EVENT_SDP, 1]. Number of records: 186
host = lonhybridapp03.uk.db.com
source = /var/log/pods/ls2_ls2-intraday-sdp-86854ff574-48dgp_830e2ef9-56be-4996-ae21-127366a78515/ls2-intraday-sdp/0.log
sourcetype = kube:container:ls2-intraday-sdp

Need below (expected value for each field shown in parentheses):

index=*1644* container_name="ls2-sdp-java" $selected_countries$
| rex field=_raw "country=(?P<country>\w+)"                (DE)
| rex field=_raw "sdpType=(?P<sdpType>\w+)"                (LOAN_EVENT_SDP)
| rex field=_raw "cobDate=(?P<cobDate>\w+)"                (2025-03-28)
| rex field=_raw "record-count: (?P<Recordcount>\w+)"      (186)
| rex field=_raw "\[(?<dateTime>.*)\] \{Thread"            (2025-03-28T22:04)
| eval DateTime=strptime(dateTime, "%Y-%m-%dT%H:%M:%S,%N")
| eval CreatedTime=strftime(DateTime, "%H:%M")
| eval CreatedDate=strftime(DateTime, "%Y-%m-%d")

The above SPL is the old query. Can you please help me with a new rex pattern to extract these fields? For clear understanding I have attached the required fields in the screenshot.
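Added example, not from the post or from Splunk: an offline Python check of candidate regexes against the new log line before they go into `rex`. The named groups use the same `(?P<name>...)` syntax Splunk accepts, so each pattern can be pasted into `rex field=_raw "..."` unchanged. It assumes the line layout shown above (the fourth bracketed value is an integer the post does not ask for, so it is matched but not captured).

```python
import re
from datetime import datetime, timezone

# Constructed sample: the new log line format quoted in the post (the _raw event).
SAMPLE = (
    "2025-03-28T22:04:25.685Z INFO 1 --- [ool-1-thread-11] "
    "c.d.t.l.s.s.e.e.NoopLoggingEtlEndpoint : Completed generation for "
    "[DE, 2025-03-28, LOAN_EVENT_SDP, 1]. Number of records: 186"
)

# Pattern 1: ISO-8601 timestamp at the start of the line, without the trailing Z.
TIMESTAMP_RE = re.compile(
    r"^(?P<dateTime>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})Z"
)

# Pattern 2: the bracketed summary. Anchoring on the literal text keeps it from
# matching unrelated [..] groups such as the thread name earlier in the line.
SUMMARY_RE = re.compile(
    r"Completed generation for \[(?P<country>[A-Z]{2}),\s*"
    r"(?P<cobDate>\d{4}-\d{2}-\d{2}),\s*(?P<sdpType>\w+),\s*\d+\]\.\s*"
    r"Number of records:\s*(?P<Recordcount>\d+)"
)


def extract_fields(raw):
    """Return the five fields the post asks for plus the two derived
    eval fields, or None when the line does not match the new layout."""
    ts = TIMESTAMP_RE.search(raw)
    body = SUMMARY_RE.search(raw)
    if not ts or not body:
        return None
    fields = {**ts.groupdict(), **body.groupdict()}
    fields["Recordcount"] = int(fields["Recordcount"])
    # Equivalent of eval DateTime=strptime(dateTime, "%Y-%m-%dT%H:%M:%S.%3N")
    # followed by the two strftime evals from the old query.
    dt = datetime.strptime(fields["dateTime"], "%Y-%m-%dT%H:%M:%S.%f")
    dt = dt.replace(tzinfo=timezone.utc)
    fields["CreatedDate"] = dt.strftime("%Y-%m-%d")
    fields["CreatedTime"] = dt.strftime("%H:%M")
    return fields


if __name__ == "__main__":
    print(extract_fields(SAMPLE))
```

In SPL the timestamp is fractional-seconds with a dot, so the old `"%Y-%m-%dT%H:%M:%S,%N"` format string needs to become `"%Y-%m-%dT%H:%M:%S.%3N"` for `strptime` to parse it.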