- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to export the key and values in a CSV form...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to export the key and values in a CSV format
cf_app_id: *****************88
cf_app_name: ***********888
cf_ignored_app: false
cf_org_id: ***************88888888888888
cf_org_name: USA.MRCH.APP.UCOMM.CAT
cf_origin: firehose
cf_space_id: ***************88888888888888
cf_space_name:
deployment: ******************88888888888888
event_type: LogMessage
info_splunk_index: null
ip: 10.183.40.145
job: diego_cell
job_index: acb0c570-3322-4273-9704-22c54adb8894
message_type: OUT
msg: date=2020-02-25 06:28:05,346 severity=INFO service=ucom-payment-services partnerId=FP_WALLET_US walletId=FP_SERVER X-B3-TraceId=29157c3fe87e4f3dbfce5608e4ef7b55 X-B3-SpanId=c3e9b5b4f4266d84 logger=c.f.u.p.s.c.RequestPayloadMerger message=validateFundingSource value : true pid=23 thread=http-nio-8080-exec-3
origin: rep
source_instance: 1
source_type: APP/PROC/WEB
timestamp: 1582630085346462700
Now
1. How could I extract the cf_app_name -> msg field and extract the partnerid, trace id, and( eg: request and response data, which consists of body fields-Method type, etc.
2. Once extracted the Key and value of the fields from cf-app_name, I need to export the key and values in a csv format, which we use for validation in JMeter or with Macros. That's the plan, Can someone with adequate knowledge show us some light on this. Please your support is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
|makeresults
| eval _raw="cf_app_id: 88
cf_app_name: 888
cf_ignored_app: false
cf_org_id: 88888888888888
cf_org_name: USA.MRCH.APP.UCOMM.CAT
cf_origin: firehose
cf_space_id: 88888888888888
cf_space_name:
deployment: ****88888888888888
event_type: LogMessage
info_splunk_index: null
ip: 10.183.40.145
job: diego_cell
job_index: acb0c570-3322-4273-9704-22c54adb8894
message_type: OUT
msg: date=2020-02-25 06:28:05,346 severity=INFO service=ucom-payment-services partnerId=FP_WALLET_US walletId=FP_SERVER X-B3-TraceId=29157c3fe87e4f3dbfce5608e4ef7b55 X-B3-SpanId=c3e9b5b4f4266d84 logger=c.f.u.p.s.c.RequestPayloadMerger message=validateFundingSource value : true pid=23 thread=http-nio-8080-exec-3
origin: rep
source_instance: 1
source_type: APP/PROC/WEB
timestamp: 1582630085346462700"
| rex max_match=0 "(?<key>.*?): (?<value>.*)"
| eval _raw=mvzip(key,value,"=")
| kv
| fields - _* key value
| eval date=mvindex(split(msg,"="),1)
| fields - msg
| table * X_B3_SpanId X_B3_TraceId
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
