- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to extract below field from logs ?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I need to create a dashboard which shows error messages & its count over the time. i have a logfile like below and i would like to extract the error message as a field.
"[syncservice] [ERROR] [20 Mar 2018 04:09:56,654] : [7dfhsdgw-4dgsj-ashgah-svahs5226] : [com.xxx.xxxx.xxxx.xxxx]: Failed to invoke service xxx.xxxxxx.xxxx.ConnectorException: IOException occurred for ServiceLogMessage while obtaining response: Connection to http://localhost:8080 refused"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
based on @tiagofbmm 's answer, try this | rex field=_raw "ConnectorException:\s(?<ConnectorException>.*)"
you can test out regex's at this website: https://regex101.com/
it is a great place to learn and test out what you're doing.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
based on @tiagofbmm 's answer, try this | rex field=_raw "ConnectorException:\s(?<ConnectorException>.*)"
you can test out regex's at this website: https://regex101.com/
it is a great place to learn and test out what you're doing.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @cmerriman,
Yes, it works & Thanks for sharing the knowledge 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Working solely on the example you gave in the question,
| rex field=_raw "ConnectorException:s(?.*)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @tiagofbmm,
Thanks for the answer.
But, i m getting error as "Error in 'rex' command: Encountered the following error while compiling the regex 'ConnectorException:s(?.*)': Regex: unrecognized character after (? or (?- "
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My bad, forgot to put it as Code
| rex field=_raw "ConnectorException\:s(?<ConnectorException>.*)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please upvote and accept answers
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
...| rex field=_raw "ConnectorException\:s(?<errormsg>.*)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your answer @493669.
:)
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
