Solved: how to search using subsearch of occurence of a v...

VikashSharma47 · ‎05-24-2021

Hi Team,

I have a search query that searches for checking the busy tread and showing their occurrence in the log the value I need to print in the Splunk dashboard. We need printing bsy value beside the bsy like bsy 1,bsy 2 so we want to print those 1,2 value.

Attached the image for reference

@scelikok @gcusello and all Splunk enthusiastic please help

ITWhisperer · ‎05-24-2021

I have a space in my rex expression which you don't appear to have. Perhaps being more explicit about the space might help

| rex "(?<bsy>bsy\s\d+)"

View solution in original post

ITWhisperer · ‎05-24-2021

| rex "(?<bsy>bsy \d+)"

VikashSharma47 · ‎05-24-2021

Hi @ITWhisperer ,

I tried your given solution but it doesn't affect anything in the search. My ask is to fetch the result from the result. Actually, I need to print that bsy value which is beside it, and count for it. Attach the image for your reference. Anyway thanks a lot for looking into my queries. The result shows here in the image as bsy 3 so I need that 3 value has to printed.

ITWhisperer · ‎05-24-2021

I have a space in my rex expression which you don't appear to have. Perhaps being more explicit about the space might help

| rex "(?<bsy>bsy\s\d+)"

View solution in original post

VikashSharma47 · ‎05-24-2021

Thanks @ITWhisperer , It's working

how to search using subsearch of occurence of a value

eval

field extraction

search job inspector

stats

subsearch

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >