I built a regular expression to extract fields from a log file. However, after extracting I am not able to display the extracted fields in table format. The regular expression seems to be working online. https://regex101.com/r/ZcYOhG/2
I want to display the extracted fields in a table format. Can someone help me?
Try this:
index=<your_index>
| rex field=_raw "transactionId=(?<transactionId>[^\}]+)\}.*ResourceId\:\s(?<featureName>[^\,]+),.*CPNYID_(?<companyId>\d+)_AID_(?<aPaymentId>\d+)"
| stats count by aPaymentId companyId featureName transactionId
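An added example, not part of the original answer: the same `rex` run against three constructed events generated with `makeresults`, so the extraction can be checked without indexed data and the result shown with `table`. The event text, the `n` counter and the `sample_origin` field are assumptions made for illustration; the log format from the question is not shown on this page.

```spl
| makeresults count=3
| streamstats count AS n
| eval sample_origin="constructed"
| eval _raw=case(
    n=1, "2024-01-15 10:02:11 INFO {transactionId=tx-0001} ResourceId: invoiceExport, key=CPNYID_1001_AID_42",
    n=2, "2024-01-15 10:02:12 INFO {transactionId=tx-0002} ResourceId: paymentSync, key=CPNYID_1002_AID_77",
    n=3, "2024-01-15 10:02:13 WARN {transactionId=tx-0003} ResourceId: paymentSync, key=missing")
| rex field=_raw "transactionId=(?<transactionId>[^\}]+)\}.*ResourceId\:\s(?<featureName>[^\,]+),.*CPNYID_(?<companyId>\d+)_AID_(?<aPaymentId>\d+)"
| table n sample_origin transactionId featureName companyId aPaymentId
```

The third event has no `CPNYID_..._AID_...` part, so the whole pattern fails and all four fields stay empty in its row. Replacing the final `table` with the `stats count by` line from the answer drops that row, because `stats` skips events where a by-field is null.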
Thank you for the quick reply. It worked well.
Can you explain why the same regex did not work in Splunk as is?
You made little tweaks in the expression.
What's the query you are using to display the fields in table format?