In the below log file: the users are JACK, ROGER
I used something like this: source="/var/log/splunk/splunkcloud/" message=*User
I need to just get the User from the below message string.
{[-]
app : "test_res",
level : 1,
message : "User JACK logged into Serv from IP address: x.xx.xxx.xx",
time : "2014-04-16T17:28:26+00:00"
}
Show as raw text
date_hour=17 Options| date_mday=16 Options| date_minute=23 Options| date_month=april Options| date_second=2 Options| date_wday=wednesday Options| date_year=2014 Options| date_zone=local Options| host=splunk Options| index=main Options| linecount=1 Options| punct={"":"","":"____:...","":,"":"--::+:"} Options| source=/var/log/splunk/splunkcloud.log Options| sourcetype=access_combined Options| splunk_server=splunk Options
2 » 4/16/14
5:23:02.000 PM
{[-]
app : "test_res",
level : 1,
message : "User ROGER logged into ownCloud from IP address: xx.xx.xxx.xx",
time : "2014-04-16T17:28:25+00:00"
}
Show as raw text
date_hour=17 Options| date_mday=16 Options| date_minute=23 Options| date_month=april Options| date_second=2 Options| date_wday=wednesday Options| date_year=2014 Options| date_zone=local Options| host=splunk Options| index=main Options| linecount=1 Options| punct={"":"","":"____:...","":,"":"--::+:"} Options| source=/var/log/splunk/splunkcloud.log Options| sourcetype=access_combined Options| splunk_server=ala-splunk
... View more