Splunk Search

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

pavanae
Builder

The following were the strings visible in my Splunk search results…

An error occurred at line: 127 in the jsp file: /uk/store.jsp
An error occurred at line: 23 in the jsp file: /browse/find_it_content.jsp
An error occurred at line: 1 in the jsp file: /browse/find_it_content.jsp

Now I want to extract the field and display the count for the path that appears after the string An error occurred at line: 1 in the jsp file: and also for the line number it appeared.

Need the results like this :

Line_number        file                   count
56                 /browse/stats.jsp      (some count)
….                 ……..                   (some count)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count
---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count
---
If this reply helps you, Karma would be appreciated.

pavanae
Builder

Worked Great Thanks.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...