How to Extract the files - each line has different... - Splunk Community

Splunk Dev

I want to Extract the below ,

2018-01-08T04:43:00,700|[http-nio-9094-exec-10]|INFO|VM1|com.alb.bps.retrieval.service.DocumentRetrievalServiceImpl|DA4885B49C8376878C57DB952FD84E39|99aee0b4-f912-4526-a9af-6fb9c27c5fe0|USER1|Normal|IBD1|com.alb.bps.retrieval.service.DocumentRetrievalServiceImpl| DocId = 1470| Execution Time : 6097milliseconds

2018-01-08T05:01:03,183|[http-nio-9094-exec-7]|INFO|VM2|com.alb.bps.retrieval.service.DocumentRetrievalServiceImpl|01D362DD96D7E608E83023B02D5B9508|67a81da1-3810-4c66-9ce7-eb9c9732f8ea|null%40null|USER2|Normal|IBD2|com.alb.bps.retrieval.service.DocumentRetrievalServiceImpl| DocId = 1473| Execution Time : 715milliseconds

i m using the below syntax for extration, but it is not working as properly.

and also i want to extract the Execution time only for numbers i dont want to include the word milliseconds.

Can you please advice.
^(?P[^:]+)(?:[^|\n]|){3}(?P\w+)(?:[^|\n]|){4}(?P[^|]+)|\w+|(?P[^|]+)[^ \n]* (?P[^|]+)[^:\n]*:(?P\s+\d+[a-z]+)

Hi rajeswariramar,

please give this a look.

https://regex101.com/r/Z10lQg/3/

You can easily ajust this to your requirements. If you need more help, tell me.

Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor. HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members! The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...