Unable to extract fieds

sumanth_isac · ‎04-08-2013

Hi ,
I have data files which is generated by script(eg. xyz12.ksh)
When each time a script runs a file is generated with different type.
For eg.1. xyz.log.20000109.1221
2. *****************.3545
Each file generated by script is an event.
First i could not add the directory which contained these files, so i created a new index and added each file into that index.
Now i have data in that file like starttime, endtime and error code etc.
I was able extract starttime field using regex. But i could not get endtime field values as i go to extract filed, some lines in the data of the file is removed as i select extract fields and go to Interactive field extractor.
Pls help.
I want both start time and endtime fields.

kml_uvce · ‎04-08-2013

You can do this extraction in props.conf/transforms.conf , send me your log data I can make extraction for you.
-Kamal Bisht

sumanth_isac · ‎04-08-2013

Script Name : xyz0101.ksh
Start Time : 2012-12-09 16:40:27
Arguments :
Env Variables :
Some lines here
PL/SQL procedure successfully completed.
error code is 0

End Time : 2012-12-09 18:47:15

Return Code = 0 (Normal Termination, Continue Processing)

I want to extract start time and end time and error code in single table. I was able to extract StartTime but not Endtime in regex window

Unable to extract fieds

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms