- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Extracting fields and values
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi , I have data in the below format:
[mpeg-1 audio, Service 1, PID 111] [Average rate 0.201 Mbits/s] [Min rate 0.199 Mbits/s] [Max rate 0.203 Mbits/s] [h.264 video, Service 1, PID 110] [Average rate 6.491 Mbits/s] [Min rate 6.474 Mbits/s] [Max rate 6.521 Mbits/s] [mpeg-1 audio, Service 1, PID 112] [Average rate 0.138 Mbits/s] [Min rate 0.135 Mbits/s] [Max rate 0.140 Mbits/s] [PMT, Service 2, PID 200] [Average rate 0.015 Mbits/s] [Min rate 0.015 Mbits/s] [Max rate 0.017 Mbits/s] [h.264 video, Service 2, PID 120] [Average rate 0.208 Mbits/s] [Min rate 0.193 Mbits/s] [Max rate 0.226 Mbits/s]
and I want to extract data as in the below format: Codec PID Average Rate Mbits/s Min Rate Mbits/s Max Rate Mbits/s mpeg-1 audio 111 0.201 0.199 0.203 [h.264 video 110 6.491 6.474 6.521 mpeg-1 audio 112 0.138 0.135 0.14 h.264 video 120 0.208 0.193 0.226
Can any one help me to extract using regex?
Thanking in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This should get you started:
\[(<?Codec>[^,]*),[\s\S]*PID\s(?<PID>\d*)\]\s\[Average rate\s(?<AvgRate>[\d\.]*)[\s\S]*\]\s\[Min rate\s(?<MinRate>[\d\.]*)[\s\S]*\]\s\[Max rate\s(?<MaxRate>[\d\.]*)[\s\S]*\]
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This should get you started:
\[(<?Codec>[^,]*),[\s\S]*PID\s(?<PID>\d*)\]\s\[Average rate\s(?<AvgRate>[\d\.]*)[\s\S]*\]\s\[Min rate\s(?<MinRate>[\d\.]*)[\s\S]*\]\s\[Max rate\s(?<MaxRate>[\d\.]*)[\s\S]*\]
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Mus,
the results should be in tabular from with headers as below:
headers are : Codec,PID,Average Rate,Min Rate,Max Rate
and their respective values.
For example for Codec values will be mpeg-1 audio
[h.264 video,
mpeg-1 audio,
h.264 video.
and for PID values will be 111
110,
112,
120
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You want to extract these fields:
Codec
PID
Average Rate Mbits/s
Min Rate Mbits/s
Max Rate Mbits/s
With these values?
mpeg-1 audio
111
0.201
0.199
0.203
h.264 video
110
6.491
6.474
6.521
mpeg-1 audio
112
0.138
0.135
0.14
h.264 video
120
0.208
0.193
0.226
Have you tried the automated field extractor?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
could you pleas reformat your result in better/nicer a way. Currently it is hard to determine what it should look like
Splunk APM: New Product Features + Community Office Hours Recap!
Index This | Forward, I’m heavy; backward, I’m not. What am I?
A Guide To Cloud Migration Success
