Splunk Search

Extracting fields based on matching values from log

tonan
Explorer

Hi, I want to extract specific fields from a log file. I tried using rex but failed. Need help.

  • Want to extract matching [PID: ] and [Thd: ]
  • export it to csv file or in any excel format

Log file, e.g.:

----------------------------------------
03-09-2012 12:04:52.824 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5400]  StockRoomController DisplayScanItem 1234 12345678 33333 00000000-0000-0000-0000-000000000000 Controller 39634671 39634703 32
----------------------------------------
----------------------------------------
03-09-2012 12:04:53.262 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  BCK001 UI 1 2 00000000-0000-0000-0000-000000000000 RenderingTime 1331316293215 1331316293246 31
----------------------------------------
----------------------------------------
03-09-2012 12:05:06.855 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5036]  BCK001 UI 1 2 ffe7d7cb-c7ae-4056-8393-6e237b7e120b SubmitTime 0 1331316306839 0
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  StockroomDomainManager ReadLoc 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b DataBase 39649906 39650687 781
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  StockroomDomainManager ReadStkrmLocsByProdId_FG 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b DataBase 39649906 39650687 781
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  BackstockApplication GetStkrmLocsByProdId_FG 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b Controller 39649906 39650687 781
----------------------------------------
----------------------------------------
03-09-2012 12:05:08.230 Information  C:\Program Files\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  StockRoomController DisplayScanLocation 1234 12345678 33333 ffe7d7cb-c7ae-4056-8393-6e237b7e120b Controller 39650687 39650687 0
----------------------------------------
----------------------------------------
0 Karma

Ayn
Legend

What's not working with rex? This should work:

... | rex "\[PID: (?<pid>\d+)\]\s+\[Thd: (?<thd>\d+)\]"
0 Karma

Ayn
Legend

... | rex "\[PID: (?<pid>\d+)\]\s+\[Thd: (?<thd>\d+)\]" | fields pid thd | outputcsv exportedfields

0 Karma
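To sanity-check the rex pattern from Ayn's answer outside Splunk, here is an added Python example (not from the thread or from Splunk) that applies the same regex to a constructed copy of the question's log lines and writes pid/thd out as CSV, the way `fields pid thd | outputcsv` would:

```python
import csv
import io
import re

# The same pattern as the rex in the answer; Python spells named groups (?P<name>...).
EVENT_RE = re.compile(r"\[PID: (?P<pid>\d+)\]\s+\[Thd: (?P<thd>\d+)\]")

# Constructed sample built from three of the event lines in the question (tails shortened).
SAMPLE_LOG = """\
----------------------------------------
03-09-2012 12:04:52.824 Information  C:\\Program Files\\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5400]  StockRoomController DisplayScanItem
----------------------------------------
03-09-2012 12:04:53.262 Information  C:\\Program Files\\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5676]  BCK001 UI 1 2
----------------------------------------
03-09-2012 12:05:06.855 Information  C:\\Program Files\\WebDev.WebServer40.exe [App: WebMobile]  [PID: 296]  [Thd: 5036]  BCK001 UI 1 2
----------------------------------------
"""


def extract_fields(log_text):
    """Return one {'pid', 'thd'} dict per event line that matches EVENT_RE.

    Separator lines and any line without both brackets are skipped, which
    mirrors how rex leaves pid/thd unset on non-matching events.
    """
    rows = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            rows.append({"pid": m.group("pid"), "thd": m.group("thd")})
    return rows


def to_csv(rows, columns=("pid", "thd")):
    """Render the extracted rows as CSV text, like `fields pid thd | outputcsv`."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(columns), extrasaction="ignore")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(extract_fields(SAMPLE_LOG)), end="")
```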

tonan
Explorer

Thank you Ayn,

Is there any way to export the values out of the log files for the above two mentioned fields?

Like the logs have a "PID" and "Thd" value, can we use Splunk to filter out that value and then export it to, say, CSV files or an Excel sheet?

--update
I can however select the fields I wish to in the output by selecting the fields under "selected fields", but I am not able to export these values to an Excel sheet or, say, a CSV.

0 Karma