Splunk Search

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

pavanae
Builder

The following were the strings visible in my Splunk search results…

An error occurred at line: 127 in the jsp file: /uk/store.jsp
An error occurred at line: 23 in the jsp file: /browse/find_it_content.jsp
An error occurred at line: 1 in the jsp file: /browse/find_it_content.jsp

Now I want to extract the field and display the count for the path that appears after the string An error occurred at line: 1 in the jsp file: and also for the line number it appeared.

Need the results like this :

Line_number        file                   count
56                 /browse/stats.jsp      (some count)
….                 ……..                   (some count)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count
---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

This should get you started.

... | rex "An error occurred at line: (?<Line_number>\d+) in the jsp file: (?<file>.*)" | stats count by Line_number file | table Line_number file count
---
If this reply helps you, Karma would be appreciated.

pavanae
Builder

Worked Great Thanks.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...