Hi everyone, I'm quite new to splunk.
I encounter this error message "No regex could be learned. Try providing different examples or restriction." while I was trying to extract longitude value using the Interactive field extractor. But I was able to extract Latitude value and this is the regex for the Latitude value that display in the props.conf file "EXTRACT-Latitude = (?i).Double">(?P
Given the data format above, I would choose to do like so;
props.conf
[your_sourcetype]
EXTRACT-lat = >(?<latitude>[^<]+)</d:latitude
EXTRACT-long = >(?<longitude>[^<]+)</d:longitude
/K
Just use the Latitude extraction as a template here, change latitude for longitude in both places and you should be good to go.
Oh, right. Didn't see that 🙂
Problem is that the EXTRACT in the original question would capture both long and lat, calling them both latitude (or just keeping one of them if it's not a multi-valued field).
Hi, it's a xml data.
Log samples please? Hard to tell you what your regular expression should look like otherwise.