×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
amandahaydaw199
New Member
Member since: ‎03-30-2019
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-30-2019
Activity Feed
Topics I've Started
View All

Splunk regex field

by in Splunk Search
‎03-30-2019 04:33 AM
‎03-30-2019 04:33 AM
I am trying to regex correlation Id's, that will be having a different unique number in every transaction. I am using below query but it's not fetching correct value (Correlation ID ), Splunk query : timeformat="%d/%m/%Y %H:%M:%S" earliest="28/03/2019 15:38:08" latest="28/03/2019 18:08:08" host="splunk-max-tk.global.com.local:9090" "correlationid_test1234" "request flow lambda starts" OR "response flow lambda ends" | rex field=_raw "2019*(?.*?)" | where isnotnull(correlationId) | transaction correlationId startsWith="request flow lambda starts" endsWith="response flow lambda ends" | dedup correlationId Splunk LOGS : 28/03/2019 18:08:03.748 2019-03-28T18:08:03.748402+11:00 [correlationid_test1234hfkfhsfkfsjhfjlsdhfjl] INFO [init.py 187] request flow lambda starts 2019-03-28T18:08:05.129540+11:00 [correlationid_test1234hfkfhsfkfsjhfjlsdhfjl] INFO [init.py 187] response flow lambda ends ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM