Here is a log example:

{"log_time":"2021-08-27T07:16:46.178275260+00:00","output":"stdout","log":"2021-08-27 07:16:46.178 [INFO ] [her-49] a.a.ActorSystemImpl - Logged Request:HttpMethod(POST):http://id-test.api-gateway.sit.ls.api.com/repos/hrn:idmrepo-sit::ol:idm_team_internal_test/ids/getOrCreate/bulk?streaming=true&dscid=GvaIrM-cb4005f6-a828-4fd7-9f54-6082e2912716:200 OK:4","k8scluster":"borg-dev-1-aws-west-1","namespace":"*","env":"DEV","app_time":"","time":"1630048606.178275260"}

I need to extract the digits after "OK:" (here highlighted in red color) as time in ms. I have just started using Splunk. I am trying this:

rex "([^\:]+$)(?P<duration>.+)" | stats exactperc98(duration) as P98 avg(duration) as AVG by log

But this is not working.
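The extraction the post asks for, worked through in Python as an added example (not part of the original post and not Splunk's own code). It decodes the JSON event, matches an end-anchored pattern against the `log` value, and computes the P98 and average; the sample events, the `gw.example.test` host, the helper names and the nearest-rank percentile method are assumptions of this example.

```python
import json
import math
import re

# Pattern from the post: "$" sits before the capture group, so the group
# has no characters left to match and the search always fails.
ORIGINAL_RE = re.compile(r"([^\:]+$)(?P<duration>.+)")

# Anchor on the status line instead: ":<3-digit code> <reason>:<digits>" at
# the end of the message, so colons in the URL and timestamp cannot match.
DURATION_RE = re.compile(r":(?P<status>\d{3}) [A-Za-z ]+:(?P<duration>\d+)$")

def make_event(tail):
    """Build a constructed JSON event whose "log" field ends with `tail`."""
    msg = ("2021-08-27 07:16:46.178 [INFO ] [her-49] a.a.ActorSystemImpl - "
           "Logged Request:HttpMethod(POST):http://gw.example.test/ids/bulk"
           "?streaming=true&dscid=abc:" + tail)
    return json.dumps({"output": "stdout", "log": msg, "env": "DEV"})

# Constructed sample input: four requests, one unrelated line, one non-JSON line.
SAMPLE_EVENTS = [make_event(t) for t in (
    "200 OK:4", "200 OK:12", "200 OK:7", "500 Internal Server Error:250")]
SAMPLE_EVENTS += [json.dumps({"log": "Server started"}), "not json at all"]

def extract_duration(raw_event):
    """Return (status, duration_ms) for one raw event, or None if absent."""
    try:
        message = json.loads(raw_event).get("log", "")
    except (ValueError, AttributeError):
        return None  # not JSON, or JSON that is not an object
    # Match against the decoded "log" value, not the whole JSON envelope,
    # where the message is followed by further keys and "$" would not apply.
    m = DURATION_RE.search(str(message))
    return (int(m["status"]), int(m["duration"])) if m else None

def percentile(values, pct):
    """Nearest-rank percentile (the method is this example's assumption)."""
    ordered = sorted(values)
    return ordered[max(1, math.ceil(pct / 100 * len(ordered))) - 1]

def summarize(raw_events):
    """Count, P98 and mean of the durations found in the events."""
    found = [r[1] for r in map(extract_duration, raw_events) if r]
    if not found:
        return None
    return {"count": len(found), "p98": percentile(found, 98),
            "avg": sum(found) / len(found)}

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

Events that are not JSON or carry no status line are skipped rather than counted as zero, so they do not skew the average.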