I am trying to write a rex command that extracts the field "registrar" from the below four event examples. The below values in bold are what I am looking for to be the value for "registrar". I...
Looking for help with this rex command. I want to capture the continuous string after "invalid user" whether it has special characters or not. Here are some examples from my data set (abc is just a...
...re-rulebase application-override rules" as 2 examples of possible values. I need to extract the value in between "device_group" and "per_rulebase...." and assign this as Y. So, if X = "device-group A...
Hello, I'm having a really hard time pulling the status code from an HA proxy log using a rex command. There are a number of reasons I can't use field extraction that I don't want to go into, but j...
...nd outputs to a table. Example:
index=team_f5_metrics F5-BIGIP-SYSTEM-MIB::sysCmSyncStatusSummary.0 | rex "STRING: (?<Sync_Status>.*)$" | table host _time Sync_Status
This may return s...
I need to extract the values between >>>>|| || and after the >>>>|| || referring the below sample and output should be like
values between>>>>||1407|...
Hi
try to use transaction command, but actionName is empty!
Here is my SPL
| rex "actionName.*\.(?<actionName>\w+\.\w+)\]" | rex "duration\[(?<duration>\d+)"
| rex "t...
...rovider Device..] and FLD[Wallet Provider Accoun..] are present but FLD[Wallet Provider Reason..] is missing
In the above examples all three fields are present. I wanted to identify F...
...ecoded field which gives a "p" thing as a result. Examples of | Search NOT: Example of Stats resulted "p": | rex field="process" ".*-(e|E)(n|N)[codemanCODEMAN]{0,12}\ (?<p...
...eady and confirmed on regex101.com. But I tried some of the below in my search and no luck. I've looked up rex command and examples on answers.splunk.com as well. But not sure how I can use rex command...