×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
amit2312
Explorer
Member since: ‎09-07-2022
‎05-14-2025
Community Statistics
Posts 8
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎09-07-2022
Activity Feed
View All

Re: How to extract field value with alphanumeric v...

by SplunkTrust in Splunk Search
‎05-16-2025 08:12 AM
‎05-16-2025 08:12 AM
Hi regex101.com is your friend, when you need to start with regex. Here is your example https://regex101.com/r/Tu8JB5/1 In splunk you have couple of ways to get this done. Use rex as @livehybrid shows and create that rex e.g. by regex101.com Use splunk | makeresults | eval _raw ="2025-05-15T04:32:12.397Z INFO 1 --- [nio-8080-exec-4] x.y.z.y.LDAPAccountServiceImpl : [Request END] Failed : Cannot fetch secret for Vault Engine - XYXR_VPN_Engine, AIT - 9876 Service ID - zywstrf 2025-05-15T04:32:12.397Z INFO 1 --- [nio-8080-exec-4] x.y.z.y.LDAPAccountServiceImpl : [Request END] Failed : Cannot fetch secret for Vault Engine - XYXR_VPN_Engine, AIT - 9876 Service ID - abc123f 2025-05-15T04:32:12.397Z INFO 1 --- [nio-8080-exec-4] x.y.z.y.LDAPAccountServiceImpl : [Request END] Failed : Cannot fetch secret for Vault Engine - XYXR_VPN_Engine, AIT - 9876 Service ID - 1234-abcehu09_svc06-app_texsas_14455" | multikv noheader=t ``` Above prepare sample data ``` | rex field=_raw "Service ID - (?<serviceID>.*$)" | table serviceID​   use Splunk with rex | makeresults | eval _raw ="2025-05-15T04:32:12.397Z INFO 1 --- [nio-8080-exec-4] x.y.z.y.LDAPAccountServiceImpl : [Request END] Failed : Cannot fetch secret for Vault Engine - XYXR_VPN_Engine, AIT - 9876 Service ID - zywstrf 2025-05-15T04:32:12.397Z INFO 1 --- [nio-8080-exec-4] x.y.z.y.LDAPAccountServiceImpl : [Request END] Failed : Cannot fetch secret for Vault Engine - XYXR_VPN_Engine, AIT - 9876 Service ID - abc123f 2025-05-15T04:32:12.397Z INFO 1 --- [nio-8080-exec-4] x.y.z.y.LDAPAccountServiceImpl : [Request END] Failed : Cannot fetch secret for Vault Engine - XYXR_VPN_Engine, AIT - 9876 Service ID - 1234-abcehu09_svc06-app_texsas_14455" | multikv noheader=t ``` Above prepare sample data ``` | erex serviceID examples="zywstrf,abc123f" | table serviceID​ Use Splunk's "Extract new field" feature under "Interesting fields" and then select regex and follow those instructions. There are two more places in GUI where you could found this same functionality 😉 Please accept solution for answer which helps you to solve this issue. That way also other people will know what to do when they are looking an answer for same issue.    ... View more

Re: How to create a dashboard using the extracted ...

by in Splunk Search
‎05-14-2025 10:24 PM
‎05-14-2025 10:24 PM
Hi, Thanks a lot for your help, it really helped. Regards, AKM ... View more

Re: Get total count of a field per host

by in Splunk Search
‎09-09-2022 01:41 PM
‎09-09-2022 01:41 PM
Thanks a lot for your help. it worked. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-14-2025 10:24 PM
Karma given to
View All