Scenario: Event lines in the log come with a varying number of key=value pairs, where nothing is predetermined: neither the names of the keys, nor the set of values, nor the number of such key=value pairs found in the log.
The question is: How to create a generic, dynamic processing search/eval construct that can gather and process such values from the eventdata? (i.e. only the "=" and "," delimiters are standardized).
Given below is an example that shows the situation. Any help will be deeply appreciated!
Specification:
<< some std. access_combined fields here>> followed by: indefinite, comma-separated K=V pairs
where K=V format is: methodName=DurationInteger
Sample Log data example:
Event1: … method1=100,method2=250,method3=150
Event2: … method1=125,method2=275,method3=325,methodSome=300,method5=50
Event3: … method1=15,method2=35,methodOther=100,nextMethod4=500
Event4: … method1=125,method2Last=275
Event5: … methodSolo=400
A regex/search/eval expression needs to be built that can dynamically gather and sum up all the integer numbers representing the duration values of all the above method names, without knowing the number of such key=value pairs in advance in any eventdata line (i.e. the answer should be = 3025 for the entire transaction that comprises the above five events). Any insights would be greatly appreciated. Happy Easter!
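
The extraction logic asked about above, as an added example in Python that is not part of the original post and is not a Splunk search. It assumes the K=V run is the last whitespace-delimited token of each event; the access_combined prefix in the sample lines and the names `method_durations` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# A trailing run of comma-separated name=integer pairs, anchored to end of line
# so key=value text earlier in the event (e.g. a URL query string) is ignored.
TRAILER = re.compile(r"(?:^|\s)(\w+=\d+(?:,\w+=\d+)*)\s*$")
PAIR = re.compile(r"(\w+)=(\d+)")

def method_durations(line):
    """Return [(method_name, duration), ...] from the trailing K=V run of one event."""
    m = TRAILER.search(line)
    if m is None:
        return []  # event carries no method timings
    return [(name, int(value)) for name, value in PAIR.findall(m.group(1))]

def summarize(lines):
    """Return (grand_total, per-method Counter) across all events."""
    per_method = Counter()
    for line in lines:
        for name, duration in method_durations(line):
            per_method[name] += duration
    return sum(per_method.values()), per_method

# Constructed access_combined-style prefix; its query string contains k=v
# text (id=7, n=3) that must not be counted as a method duration.
PREFIX = ('10.0.0.5 - - [20/Apr/2014:10:00:01 +0000] '
          '"GET /app?id=7&n=3 HTTP/1.1" 200 512 "-" "curl/7.30" ')

# The five K=V tails are the sample events from the post.
SAMPLE = [PREFIX + tail for tail in (
    "method1=100,method2=250,method3=150",
    "method1=125,method2=275,method3=325,methodSome=300,method5=50",
    "method1=15,method2=35,methodOther=100,nextMethod4=500",
    "method1=125,method2Last=275",
    "methodSolo=400",
)]

if __name__ == "__main__":
    total, per_method = summarize(SAMPLE)
    print("total duration:", total)
    for name, duration in per_method.most_common():
        print(f"{name}={duration}")
```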