Splunk Enterprise

How to write regex?

Ash1
Communicator

From the below logs I want to capture "appDesc" data using regex.

2023-05-02 22:27:20,100 | info application status https:www.codeurl
[
Response: 200 ok- https:www.codeurl
"appDesc" : "User not within error limit"
{
"appcd" : "0",
"appDesc" : "fraud app dected risk tolerance"
}   ],

ITWhisperer
SplunkTrust

https://regex101.com/r/2G9G0h/1

appDesc\"\s:\s\"(?<appDesc>[^\"]+)
| rex max_match=0 "appDesc\"\s:\s\"(?<appDesc>[^\"]+)"
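The answer's pattern run over the sample event from the question, as an added example that is not part of the thread: it shows why max_match=0 matters (the event carries two appDesc values) and the one translation Python needs, since the re module spells the named group (?P<name>...) instead of PCRE's (?<name>...).

```python
import re
from typing import List, Optional

# Constructed sample event, copied from the format quoted in the question above.
SAMPLE_EVENT = """2023-05-02 22:27:20,100 | info application status https:www.codeurl
[
Response: 200 ok- https:www.codeurl
"appDesc" : "User not within error limit"
{
"appcd" : "0",
"appDesc" : "fraud app dected risk tolerance"
}   ],
"""

# Same pattern as the answer's rex; only the named-group syntax differs in Python.
# \" matches a literal double quote, \s the single space on either side of the colon,
# and [^\"]+ captures everything up to the closing quote.
APPDESC_RE = re.compile(r'appDesc\"\s:\s\"(?P<appDesc>[^\"]+)')


def extract_appdesc(event: str) -> List[str]:
    """Return every appDesc value in the event, like rex with max_match=0."""
    return [m.group("appDesc") for m in APPDESC_RE.finditer(event)]


def extract_first_appdesc(event: str) -> Optional[str]:
    """Return only the first appDesc, which is rex's default behaviour (max_match=1)."""
    m = APPDESC_RE.search(event)
    return m.group("appDesc") if m else None


if __name__ == "__main__":
    print(extract_first_appdesc(SAMPLE_EVENT))  # first value only
    print(extract_appdesc(SAMPLE_EVENT))        # both values, as max_match=0 would give
```

Without max_match=0 the field would hold only "User not within error limit" and the second description would be silently dropped.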