×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Jagdish
Loves-to-Learn Lots
Member since: ‎12-02-2020
‎03-18-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-02-2020
View All

Re: Extract Http status from - event text -.. [202...

by in Splunk Search
‎12-03-2020 03:15 AM
‎12-03-2020 03:15 AM
Thanks , but its not working it does not showing either of field value. ... View more

Extract Http status from - event text -.. [2020-11...

by in Splunk Search
‎12-02-2020 05:19 AM
‎12-02-2020 05:19 AM
i am trying to extract http status from below event row text using search , but could not able to get status, event content -  .. [2020-11-26T11:27:56.025047450Z] "PUT /sendmail HTTP/1.1" 400 203 252 "-" ... search : | rex field=_raw "(?<prevFields>.*)\"PUT /sendmail HTTP/\d+\.\d+\"  (?<statusFieldStart>.*)" | table prevFields statusFieldStart if i remove  \" , that is highlighted one , then i am getting statusFieldStart with content " 400 203 252 "-" ,that having double quote at start , want to remove it so i can extract status field complete. anything am i missing here ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-18-2021 08:39 AM