How to write a regular expression for capturing elapsed time of requests, with a log in this format.
.......status=[200], time=[687 ms]
?
Hi balach,
best thing to do here is to use props.conf
and transforms.conf
to get this captured:
transforms.conf
[myTransform]
REGEX = (\w+)=\[(\d+)\]
FORMAT = $1::$2
props.conf
[mySourceType]
REPORT-myUniqueClassName = myTransform
Hope this helps ...
cheers, MuS
Hi balach,
best thing to do here is to use props.conf
and transforms.conf
to get this captured:
transforms.conf
[myTransform]
REGEX = (\w+)=\[(\d+)\]
FORMAT = $1::$2
props.conf
[mySourceType]
REPORT-myUniqueClassName = myTransform
Hope this helps ...
cheers, MuS
Is there any way I can capture this without using these .conf files.
Sure, but it will be hard coded this way not as dynamic as the props.conf
and transforms.conf
approach which will pick up the first as field and the second one as value.
Try this regex:
.. | rex "status=\[(?<status>\d+)\],\stime=\[(?<time>\d+)\sms\]" | table status time
Thanks MuS. This helps.