Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help extracting fields from raw event

hippe21
Explorer
‎03-28-2017 05:08 PM

Here's what my raw event looks like:

58daf92d66c83d000e469dfd.txt unsupported file format

I'd like to extract the following below during a search, to pull these fields:

  • task = 58daf92d66c83d000e469dfd
  • fileExt = .txt
  • errorReason = unsupported file format

How can I accomplish this using Rex?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gjanders
SplunkTrust
SplunkTrust
‎03-29-2017 12:49 AM

Maybe something like:

| rex "(?P<task>^[^\.]+)(?P<fileExt>\S+\s(?P<errorReason>.*)"

I'm unsure if that first part should be [^.] or [^.]

The built in regular expression creator could help here or sites like https://regex101.com/

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gjanders
SplunkTrust
SplunkTrust
‎03-29-2017 12:49 AM

Maybe something like:

| rex "(?P<task>^[^\.]+)(?P<fileExt>\S+\s(?P<errorReason>.*)"

I'm unsure if that first part should be [^.] or [^.]

The built in regular expression creator could help here or sites like https://regex101.com/

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Solved! Jump to solution

hippe21
Explorer
‎03-29-2017 07:19 AM

This is exactly what I needed, thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...