How to fetch the values from logs

aditsss · ‎08-08-2023

Hi All,

Below is my raw log

2023-08-08 10:25:48.389 [INFO ] [Thread-3] CollateralProcessor - Completed calculating total balances: Opening Balance: 27321564738.9

Closing Balance: 27223794872.86

Age Total Balance: 27223794872.86

Collateral Sum: 27223794872.86

Its coming like this:

I tried with this but no result:

index="abc" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" "CollateralProcessor - Completed calculating total balances:"| rex "CollateralProcessor - Completed calculating total balances: Opening Balance=(?<Opening Balance>)"|table Opening Balance

inventsekar · ‎08-08-2023

Please check this one...

index="abc" sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" "CollateralProcessor - Completed calculating total balances:"| rex "Opening Balance:\s(?P<OpeningBalance>\d+)"|table OpeningBalance

bowesmana · ‎08-08-2023

You log has Opening Balance: and NOT Opening Balance=

Also, it looks like you have a multiline event, so you should use (?m) and/or (?s) in your rex regex

m is multiline mode and s is match newlines.

Please post your SPL code snippets in a CODE tag </>

How to fetch the values from logs

chart

panel

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!

Index This | I’m short for "configuration file.” What am I?