- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Search output in tabular format
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am looking for help to extract the values from my log files
my log file has a sequence of data as follows
1.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/abc@xxx.com
Loginproviders: xxxxxxxxx
2.){xxxxxxxxxx} - Processing request
Loggeduser: true
Loggedusername: xyz/efg@jkl.com
Loginproviders: xxxxxxxxx
From the above mentioned sequence i am interested in extracting Loggedusername and its value to a tabular form, something as mentioned below
Activity user
Loggedusername xyz/abc@xxx.com
Loggedusername xyz/efg@jkl.com
How can i create a table with useful information as mentioned above.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
many answers here:
https://answers.splunk.com/answers/310664/regex-to-extract-multiple-email-addresses-in-splun.html
https://answers.splunk.com/answers/172300/how-to-extract-the-email-address-from-the-my-logs.html
https://answers.splunk.com/answers/338138/how-to-search-for-and-extract-email-ids-with-dot-t.html
or use the gui field extractor
https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX
https://docs.splunk.com/Documentation/Splunk/6.6.1/Scenarios/Extractfields
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your help.
infact there was multiple challenges was there which was like after extracting field some more data was need to be extracted in multiple line.I managed to get it solved by using "rex " and "(?m)" search command.
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
