×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
lyanwoah
New Member
Member since: ‎01-29-2016
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-29-2016
Activity Feed
View All

Re: How to create a new field from a dynamic inter...

by in Splunk Search
‎05-17-2016 08:57 AM
‎05-17-2016 08:57 AM
Great! It works for 80% of my alerts. index=dynatrace sourcetype=alert | table dtIncidentViolations.* | transpose | table column | rex field=column "(?P\w+)(?:\{| \((?[\w_@\.]+))" Is it possible to make fields APP and JVM two new interesting fields ? It will be more easy to use it because my search will look like that and won't be easy to modify : index = dynatrace sourcetype = alert ( MAE ) OR ( FILIP ) OR ( GAEL ) OR ( BOUTIQUESVIR ) OR ( APOGEE ) OR ( NEWAUTO ) | table dtIncidentName dtIncidentViolations.* | transpose 500 column_name="Appli" header_field=dtIncidentName include_empty=false | rex field=Appli "(?P\w+)(?:\{| \((?[\w_@\.]+))" | stats count("Failure rate too high") as "Taux d'erreur", count("Average response time degraded") as "Tps réponse dégradé",count("Application Process Unavailable (unexpected)") as "Perte connectivité JVM",count("Application Process Out-of-Memory") as "Out-of-Memory" by APP ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM