Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need help to grep for a string from a search query.

chetanhonnavile
Explorer
‎03-02-2017 03:19 PM

Below is the sample result i get after running a query.

Mar  2 19:38:25  myhost  apache2: "123.12.13.14" - - [02/Mar/2017:19:38:25 +0000] "POST /here/is/my/url?p=12345a-12d-12e-12r-123456&t=1111ea-11c1-111e-111c-1111111-99999999 HTTP/1.1" http_status_code=500 http_response_bytes=291 http_referer="-" http_user_agent="Java1.6.0_75" http_response_time=6526 http_ttfb=6439

I need to extract that 9999999 ( after those 1111's) and list out in a separate field.I am finding difficult time to use rex in Splunk.Somebody please help me out here.

Tags (1)
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎03-03-2017 05:03 AM

This will extract the last digits before the HTTP/1.1 and the field name will be Digits

... rex | (?<Digits>\d+)\sHTTP\/1\.1

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...