cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ctsurumaki
Explorer
Member since: ‎04-18-2023
‎05-02-2023
Community Statistics
Posts 4
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎04-18-2023
Activity Feed
View All

How to match with rex if pattern can contain optio...

by in Dashboards & Visualizations
‎05-01-2023 02:05 PM
‎05-01-2023 02:05 PM
  I have a search query where the "# of Transactions Processed:" string sometimes contains one or more whitespaces before the numeric value but sometimes no whitespace The below works fine for this example message  | search message="# of Transactions Processed:51"  | rex field=message "Processed:(?<ProcessedCount>\d+)"   But if the message has a space after the colon and before the number, then it doesn't match unless I add a space after the colon: | search message="# of Transactions Processed: 51"  | rex field=message "Processed: (?<ProcessedCount>\d+)"   Been struggling to find a good solution to this and was wondering if any of you Splunkers had figured this out previously 🙂   I could add another |rex with the second option but was hoping there was a more elegant and efficient way to accomplish it.   many thanks in advance !   ... View more
Labels

Re: How to summarize these search results?

by in Splunk Search
‎04-21-2023 08:37 AM
‎04-21-2023 08:37 AM
Thanks!  This worked perfectly 🙂 ... View more

Re: How to summarize these search results?

by in Splunk Search
‎04-20-2023 10:33 AM
‎04-20-2023 10:33 AM
Thanks ITWhisperer - will give it a try 🙂  Much appreciated! ... View more

How to summarize these search results?

by in Splunk Search
‎04-18-2023 02:06 PM
‎04-18-2023 02:06 PM
Hello fellow splunkers! I'm getting these results from my splunk search but struggling to find a way to summarize the last numbers from the results.  In the example below (31 + 3 + 98 + 7 + 35) and get a total count of 174 which I could display as a new field? Just started using splunk and will take some training but thought one of the experts out there might have be able to help. Best regards and thanks! index="logs" sourcetype="_json" | extract pairdelim="{,}" kvdelim=":" |fields message,robotName,timeStamp,Level,processName| search message="G3*Total Claims count is - *" processName="GroupClaimsDispatcher_GroupClaimsDispatcher" robotName="Unattended_Robot73"| table  timeStamp,Level,processName,robotName,message| dedup message | sort -timeStamp   2023-04-17T16:45:41.1960125Z Info GroupClaimsDispatcher_GroupClaimsDispatcher Unattended_Robot73 G3 --- Total Claims count is - 31 2023-04-17T16:44:16.8150041Z Info GroupClaimsDispatcher_GroupClaimsDispatcher Unattended_Robot73 G3 --- Total Claims count is - 3 2023-04-17T10:00:44.2792246Z Info GroupClaimsDispatcher_GroupClaimsDispatcher Unattended_Robot73 G3 --- Total Claims count is - 98 2023-04-17T10:00:21.3532608Z Info GroupClaimsDispatcher_GroupClaimsDispatcher Unattended_Robot73 G3 --- Total Claims count is - 7 2023-04-17T09:59:20.2110636Z Info GroupClaimsDispatcher_GroupClaimsDispatcher Unattended_Robot73 G3 --- Total Claims count is - 35   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-02-2023 11:46 AM
Karma given to
View All