Questions in topic: "generic-eval-processor"
https://answers.splunk.com/answers/topics/single/162908.html
The latest questions for the topic "generic-eval-processor"
How to process varying number of Key=Value pairs in a log?
https://answers.splunk.com/answers/44882/how-to-process-varying-number-of-key-value-pairs-in-a-log.html
**Scenario**: Event lines in the log come with a varying number of key=value pairs, where nothing is predetermined: neither the names of the keys, nor the set of values, nor the number of such key=value pairs found in the log.
The **question** is: How to create a **generic**, **dynamic** processing search/eval construct that can gather and process such values from the event data? (i.e. only the “=” and “,” delimiters are standardized).
Given below is an example that shows the situation. Any help will be deeply appreciated!
**Specification**:
<< some std. access_combined fields here>> followed by: indefinite, comma-separated K=V pairs
where K=V format is: methodName=DurationInteger
Sample Log data example:
Event1: … method1=100,method2=250,method3=150
Event2: … method1=125,method2=275,method3=325,methodSome=300,method5=50
Event3: … method1=15,method2=35,methodOther=100,nextMethod4=500
Event4: … method1=125,method2Last=275
Event5: … methodSolo=400
A Regex/Search/Eval expression needs to be built that can dynamically gather and sum up all the integer numbers representing the duration values of all the above method names **without knowing the number of such key=value pairs** in advance in any event data line (i.e. the answer should be = **3025** for the entire transaction that constitutes the above five events). Any insights would be greatly appreciated. Happy Easter!
Tags: dynamic, regex-unknown-field-#s, key-val-processing, generic-eval-processor
Sat, 07 Apr 2012 00:12:03 GMT
SonnyB