×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
buddhabelly
New Member
Member since: ‎08-29-2012
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-29-2012
View All

Re: How to extract numeric data from a String name...

by in Splunk Search
‎08-30-2012 12:54 PM
‎08-30-2012 12:54 PM
Yes that did it! The missing backslash was the culprit Thank you very much!! This is my first foray into using SPLUNK and I can see how valuable it can be. This is all in test right now but I created a dashboard panel off of the query you helped with and I can see how I can track my Apps performance is certain areas. Very cool!! Thanks again! ... View more

Re: How to extract numeric data from a String name...

by in Splunk Search
‎08-30-2012 06:57 AM
‎08-30-2012 06:57 AM
Thanks for your reply. No "Time" is not listed as an extracted field in the side bar. If you look at my first post, the bolded part is what the App writes out. None of those value pairs are available to select from the sidebar. I tried your suggestion with the "rex" command but I get 0 results. Thanks for the pointer though! I also looked at "extract" but could not get any results with that either. I looked at the help for "rex" but could not see what the "?P" and "d+" are doing in the command? Do you have any suggestions or pointers where I could go to figure this out? Thanks again!! ... View more

Re: How to extract numeric data from a String name...

by in Splunk Search
‎08-29-2012 11:40 AM
‎08-29-2012 11:40 AM
Thanks for the info. I have tried using both capital and non capital to no avail. Maybe I need to write out my data differently? Just wite out the number? But again since it will be in a string I can't seem to figure out how to write the search statement in a way that will only pick up some of the events that are over a threshold. ... View more

How to extract numeric data from a String name val...

by in Splunk Search
‎08-29-2012 09:12 AM
‎08-29-2012 09:12 AM
Hello, I am new to SPLUNK and have gone through the tutorials about searching for data and have managed to find some basic things I am looking for. However this is my situation: I have an App that writes to the Windows event log. It writes out some name value pairs that end up looking like this in the Windows Event log and in the SPLUNK events: Message=The VB Application identified by the event source logged this Application XXX: Thread ID: 5924 ,Logged: Process=XXXX ID={XXXXXX-696B-4136-9162-5DE0FA5D5F64} Time=3214. The bolded part is what the App writes to the event log. I can find these specific events fine but now I would like to create an alert when the "Time" value is over a certain amount (performance monitoring). I've tried various combinations in my search ("time>3000"; time>3000; "time!=2***" etc) but each time I get 0 results. Can I create a search out of a message string that includes numeric functions? Something like this Time>3000? Thanks for any help!! BB ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM