×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
rpachamuthu
Explorer
Member since: ‎09-11-2022
‎08-10-2023
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-11-2022
Activity Feed
View All

Re: Extract only first occurrence between two stri...

by in Splunk Search
‎04-21-2023 11:09 AM
‎04-21-2023 11:09 AM
That's a more effective pattern (148 vs 178 steps), use @richgalloway's pattern :)! ... View more

Re: How to display comma separated in two column i...

by SplunkTrust in Splunk Search
‎09-28-2022 08:17 PM
‎09-28-2022 08:17 PM
If the first part doesn't contain comma, you can simply do   index=**** source=*ResponseAnalyzer* | rex field=ExistingFieldMaybe_raw "^(?<My1stCaptureFieldName>[^,]+)[,\s]+(?<My2ndCaptureFieldName>[^,]+)"   This will give you something like My1stCaptureFieldName My2ndCaptureFieldName case_S56_search_Get_T01_search {"success":false "message":"Note not found: 52229548" "messageCode":"**" "localizedMessage":"Note not found: *****" "responseObject":null "warning":null} Is this what you are asking? Also curious: are you sure that the second part is not a conformant JSON object, i.e., there is no "," between fields? (No effect on rex.)   ... View more

Re: Help with Search in XML file-Multiple lines da...

by SplunkTrust in Splunk Search
‎09-12-2022 09:27 PM
‎09-12-2022 09:27 PM
Hi @rpachamuthu, Please try below sample; index=perf-*** host=****** source=/home/JenkinsSlave/JenkinsSlaveDir/workspace/*/project/logs/*SamplerErrors.xml | spath | rename *{@*} as *_* | stats values("sample.httpSample.responseData") as responseData by sample_tn ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-10-2023 03:51 PM
Karma given to
View All