Thanks now i understood the field name purpose looks like we have to assign variable for the search field from where I have to extract the log and then do regex on the assigned variable but the issue is this number is a dynamic and it keeps getting updated for every 15 minutes my ultimate goal is to find the difference and graph that count in a nice graph.

2014/09/28 08:45:00,910 Info   CS Traffic: SecureServer ABC: 2412182 / 000
2014/09/28 09:00:00,912 Info   CS Traffic: SecureServer ABC: 2413791 / 000

The below query doesnt return the number so that i can perform difference of the next number

head 1 |eval foo="0140928.log:2014/09/28 06:45:00,911 Info CS Traffic: secureserver ABC: 2394528 / 000" | rex field=foo "\:\s+(?\d{7})\s+\/" | table myNum

Tried below option too

eval foo="*.log:* Info CS Traffic: secureserver ABC:"| rex field=foo "\:\s+(?\d{7})\s+\/" | table myNum

Look, I did provide you an example how it works - if you keep changing your searches to strings that cannot match, you will never get it working.

Read the docs on the search basics http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial and use this regex to get it working | rex ":\s\+(?\d+)\s+/"

I'm off this topic for now.......

I am not able to get just the number from the search On a unix command prompt with grep option,sed i amsimply getting just number from the log but the same thing I try to do search in the splunk its not working . I am totally stuck and not able to proceed further. Can some one please help?

In unix command prompt i can get the same number 2394528 by following command and same one is not working in splunk

sed s~^.: *([0-9]) /.*$~\1~

0140928.log:2014/09/28 06:45:00,911 Info CS Traffic: secureserver ABC: 2394528 / 000

secureserver ABC:" | rex ":\s+(?\d{7}\s+\/" -- doesnt give the number

This works like a charm:

index=_internal | head 1 |  eval foo="0140928.log:2014/09/28 06:45:00,911 Info CS Traffic: secureserver ABC: 2394528 / 000" | rex field=foo "\:\s+(?<myNum>\d{7})\s+\/" | table myNum

Thanks for the input For below format log

0140928.log:2014/09/28 06:45:00,911 Info CS Traffic: secureserver ABC: 2394528 / 000
20140928.log:2014/09/28 07:00:00,910 Info CS Traffic: secureserver ABC: 2397206 / 000 

I tried "secureserver ABC:" | rex "\:\s+(?\d{7}\s+\/)" just to see if i get the number and its not working. actually I tried below
"secure ABC: | rex "\s+\K\d{7}(?=\s+\/)" and it gives me missing group name not sure what i am doing here.
I think in this rex "\:\s+(?\d{7}\s+\/)" groupname is MyNumber and can be any name right ?.

No, you did not provide any group name in your regex's. Just try this as a start:

your base search here that provides the needed events | rex field=_raw ":\s\+(?<myNumber>\d+)\s+/" | delta myNumber 

PS: Don't search for your base search here that provides the needed events this is just a place holder 😉

Well I am getting " Error in 'SearchParser': Missing a search command before '"' and doesnt return any value. Can some one please help,??
Below is my search query

"SecureServer PPS" | "secureserver ABC:" | rex ":\s+(?\d+)\s+\/" | delta myNumber

I think you should start here http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial ....

but as a hint try this :

"SecureServer PPS" OR "secureserver ABC:" | rex ":\s\+(?<myNumber>\d+)\s+/" | delta myNumber