Solved: Re: Regular expression only one value

leandromatperei · ‎08-11-2020

Dear, I need to identify some duplicate events that are right after the "Call-ID:", however in Splunk I am not getting him to identify this field:

index=teste "*CALL-ID*" :

Aug 11 14:50:42 10.178.214.7 1 2020-08-11T14:50:41.979000-03:00 localhost GroupSeries - - [NXLOG@14506 EventReceivedTime="2020-08-11 14:50:42" SourceModuleName="plcmlog" SourceModuleType="im_file"] CEng: SIPMSG: Call-ID: 2932867290-4209

Aug 11 14:50:34 10.53.96.71 1 2020-08-11T14:50:25.326000-03:00 G7500-4D2120F2 GroupSeries - - [NXLOG@14506 EventReceivedTime="2020-08-11 14:50:34" SourceModuleName="plcmlog" SourceModuleType="im_file"] CEng: SIPMSG: Call-ID: 1112255280-4006

Aug 11 14:50:34 10.53.96.71 1 2020-08-11T14:50:25.080000-03:00 G7500-4D2120F2 GroupSeries - - [NXLOG@14506 EventReceivedTime="2020-08-11 14:50:34" SourceModuleName="plcmlog" SourceModuleType="im_file"] CEng: SIPMSG: Call-ID: 1112255280-4006

thambisetty · ‎08-11-2020

| rex “Call-ID:\s+(?<callid>.*)$”

value will be extracted to field callid

————————————
If this helps, give a like below.

View solution in original post

thambisetty · ‎08-11-2020

| rex “Call-ID:\s+(?<callid>.*)$”

value will be extracted to field callid

————————————
If this helps, give a like below.

Regular expression only one value

regex

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

IM Landing Page Filter - Now Available

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud