hi , Please tell me how to extract 997 from the below statement
2013-01-30 19:53:39,995 com.cisco.cts.som.svosubmit.service.entitlement.dao.CCOEntitlementCache - End of the method getCCOEntitlement in com.cisco.cts.som.
Do you mean how do you capture the 995 to a separate field? Use the Interactive Field Extractor (IFX): http://docs.splunk.com/Documentation/Splunk/5.0.1/Knowledge/ExtractfieldsinteractivelywithIFX
You might also find it very beneficial to walk through the full tutorial: http://docs.splunk.com/Documentation/Splunk/5.0.1/Tutorial/WelcometotheSplunkTutorial
View solution in original post
yes exactly,am very new to SPLUNK thx for your quick response now i got it how to extract fields
thx
