×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
arielbintang
New Member
Member since: ‎11-25-2023
‎11-26-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-25-2023
Activity Feed
View All

Re: Multiple capture groups not capturing

by in Splunk Search
‎11-26-2023 01:10 AM
‎11-26-2023 01:10 AM
Thanks for verifying! When I copy paste my log directly to the search box from the log message field and used your makeresults, I see that actually some of the spaces are actually  character; do you know why perhaps its not shown in the results itself (and I have to copy paste)? ... View more

Multiple capture groups not capturing

by in Splunk Search
‎11-25-2023 02:02 PM
‎11-25-2023 02:02 PM
I have the following log structure:   2023-11-25T21:18:54.244444  [  info      ]  I am a log message  request = GET /api/myendpoint    request_id = ff223452 I can capture the date and time (without the 244444 part) using: rex field=myfield "(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+" and timestamp is properly captured. But if I try to extend this and want to capture the log level as well with for example: rex field=myfield "(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+\s+\[\s*(?<loglevel>\w+)\s*\]\s+" It didn't work; none of the timestamp nor the loglevel is captured. What am I doing wrong? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-26-2023 05:36 AM