Hello,
I am trying to come up with the Splunk search command that I need to extract a number, which is not indexed. I need to extract the number after the word "balance" below.
2013-01-29 11:43:48,163 level=INFO Running http request with balance 115076
So I put in my Splunk index the "http request", and I get all the matches for "http request", and I only care to show the balances that are bigger than 1,000.
I have been doing a lot of research, but I haven't found anything that actually does what I am trying to do regex but I haven't been successful. Any help, any pointers, greatly appreciated.
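An added example, not part of the original post: the search-time extraction the question describes, modelled in Python so the pattern can be checked offline against constructed log lines. The equivalent SPL pipeline is shown in a comment; the index name is a placeholder, and the function and variable names are illustrative.

```python
import re

# Equivalent Splunk search (index name is a placeholder):
#   index=<your_index> "http request"
#   | rex field=_raw "balance\s+(?<balance>\d+)"
#   | where tonumber(balance) > 1000
# Python spells the named group (?P<name>...); Splunk's rex uses (?<name>...).
BALANCE_RE = re.compile(r"\bbalance\s+(?P<balance>\d+)\b")

# Constructed sample events; only the first one comes from the post.
SAMPLE_EVENTS = [
    "2013-01-29 11:43:48,163 level=INFO Running http request with balance 115076",
    "2013-01-29 11:43:49,010 level=INFO Running http request with balance 1000",
    "2013-01-29 11:43:50,512 level=INFO Running http request with balance 87",
    "2013-01-29 11:43:51,001 level=WARN Running http request without a balance value",
    "2013-01-29 11:43:52,220 level=INFO Running http request with balance 1001",
]


def extract_balance(event):
    """Return the integer after the word 'balance', or None if absent."""
    match = BALANCE_RE.search(event)
    return int(match.group("balance")) if match else None


def balances_over(events, threshold=1000):
    """Return (timestamp, balance) pairs for events above the threshold."""
    results = []
    for event in events:
        # Mirrors the base search term that narrows the event set.
        if "http request" not in event:
            continue
        balance = extract_balance(event)
        # Events with no extracted field are dropped, as `where` does in SPL.
        if balance is not None and balance > threshold:
            timestamp = event[:23]  # "YYYY-MM-DD HH:MM:SS,mmm"
            results.append((timestamp, balance))
    return results


if __name__ == "__main__":
    for ts, bal in balances_over(SAMPLE_EVENTS):
        print(ts, bal)
```

The comparison is strictly greater than, so an event with a balance of exactly 1000 is excluded.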