Splunk Search

Unable to extract fields

sumanth_isac
Path Finder

Hi,
I have data files which are generated by a script (e.g. xyz12.ksh).
Each time the script runs, a file is generated with a different type.
For example:
1. xyz.log.20000109.1221
2. *****************.3545
Each file generated by the script is an event.
First I could not add the directory which contained these files, so I created a new index and added each file into that index.
Now I have data in that file like starttime, endtime, error code, etc.
I was able to extract the starttime field using regex. But I could not get the endtime field values: when I go to extract the field, some lines in the data of the file are removed as I select extract fields and go to the Interactive field extractor.
Please help.
I want both the starttime and endtime fields.

0 Karma

kml_uvce
Builder

You can do this extraction in props.conf/transforms.conf. Send me your log data and I can make the extraction for you.
-Kamal Bisht

0 Karma

sumanth_isac
Path Finder

Script Name : xyz0101.ksh
Start Time : 2012-12-09 16:40:27
Arguments :
Env Variables :
Some lines here
PL/SQL procedure successfully completed.
error code is 0

End Time : 2012-12-09 18:47:15

Return Code = 0 (Normal Termination, Continue Processing)

I want to extract the start time, end time and error code in a single table. I was able to extract StartTime but not Endtime in the regex window.

0 Karma
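One way to build the props.conf extraction suggested above and check it offline against the posted log, as an added example that is not part of the original thread. The field names `StartTime`, `EndTime`, `ErrorCode` and the sourcetype `ksh_script_log` are assumptions chosen for illustration.

```python
import re

# Sample event copied from the log posted above.
SAMPLE_EVENT = """Script Name : xyz0101.ksh
Start Time : 2012-12-09 16:40:27
Arguments :
Env Variables :
Some lines here
PL/SQL procedure successfully completed.
error code is 0

End Time : 2012-12-09 18:47:15

Return Code = 0 (Normal Termination, Continue Processing)
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"

# Regexes in Splunk (PCRE) named-group syntax; field names are assumed.
EXTRACTIONS = {
    "starttime": rf"Start Time\s*:\s*(?<StartTime>{TS})",
    "endtime": rf"End Time\s*:\s*(?<EndTime>{TS})",
    "errorcode": r"error code is\s+(?<ErrorCode>\d+)",
}

def to_python(splunk_regex):
    """Rewrite PCRE (?<name>...) groups as Python (?P<name>...); lookbehinds stay untouched."""
    return re.sub(r"\(\?<([A-Za-z_]\w*)>", r"(?P<\1>", splunk_regex)

def extract_fields(event):
    """Apply every extraction to the whole multi-line event, as a search-time EXTRACT does."""
    fields = {}
    for regex in EXTRACTIONS.values():
        match = re.search(to_python(regex), event)
        if match:  # a missing line simply leaves that field absent
            fields.update(match.groupdict())
    return fields

def props_stanza(sourcetype):
    """Render the props.conf stanza holding one EXTRACT-<class> line per field."""
    lines = [f"[{sourcetype}]"]
    lines += [f"EXTRACT-{name} = {regex}" for name, regex in EXTRACTIONS.items()]
    return "\n".join(lines)

if __name__ == "__main__":
    print(extract_fields(SAMPLE_EVENT))
    print(props_stanza("ksh_script_log"))  # placeholder sourcetype name
```

All three fields land on one row only when the Start Time and End Time lines are in the same event, which matches the one-file-per-event setup described in the question; appending `| table StartTime EndTime ErrorCode` to the search then gives the single table.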