×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
nunyabizness123
New Member
Member since: ‎02-08-2017
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-08-2017
View All

What is the best way to extract data when my log h...

by in Splunk Search
‎02-08-2017 01:03 PM
‎02-08-2017 01:03 PM
How would I go about parsing out/extracting the field data for the following log format? "fieldname1":"fieldvalue1","timestamp":"2017-02-07 14:19:54.166","ip_address":"3.3.3.3","user_id":"USER1" "fieldname1":"fieldvalue1","timestamp":"2017-02-07 14:19:52.395","fieldname2":"fieldvalue2","user_id":"USER2" "fieldname1":"fieldvalue1","timestamp":"2017-02-07 14:19:50.316","ip_address":"8.8.8.8","fieldname2":"fieldvalue2" Not all lines of logs will contain all the same fields, but field names are constant. The fields are always comma separated and then in "field":"value" pairs. Currently, I have separate field extractions for each interesting field such as: \"fieldname1\":\"(?P[a-zA-z]*) Is this the right way to do this or is there an easier or more proper method? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM