Hi
I'm trying to "extract fields" with regular expressions for a specific position in a comma-separated log file that always has the same number of fields on each row.
The file looks like this (one row):
2010-09-15 15:38:55 ,Default_TCr10.20_Webb.war,,ODRTEST01,HTTP,37,1,0,37,37,1,2010-09-15 15:33:50 ,2010-09-15 15:38:50 ,0,4.969857,0,0,0,2010-09-15 15:33:50,0
It's separated into 20 fields.
Let's say that I want the field at position 15, i.e. 4.969857.
The problem for me in solving this is that the fields before and after can be '', '0' or 'a date-time', and I can't get | (pipe) and parentheses to work.
Is it possible to solve this in Splunk?
I'm using version 4.1.3.
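A position-based extraction for the row format in the question, as an added example that is not part of the original post: instead of alternating over what the neighbouring fields may contain, the pattern skips a fixed number of "anything but a comma" fields and captures the next one. The function names are hypothetical, and the pattern uses only constructs that Python's `re` and PCRE share.

```python
import re

# Row copied from the post above (20 comma-separated fields).
SAMPLE_ROW = (
    "2010-09-15 15:38:55 ,Default_TCr10.20_Webb.war,,ODRTEST01,HTTP,37,1,0,37,37,1,"
    "2010-09-15 15:33:50 ,2010-09-15 15:38:50 ,0,4.969857,0,0,0,2010-09-15 15:33:50,0"
)


def positional_pattern(position):
    """Return a regex string that captures the 1-based comma-separated field."""
    if position < 1:
        raise ValueError("position is 1-based")
    # Skip (position - 1) fields of any content, empty ones included,
    # then capture everything up to the next comma or the end of the row.
    return r"^(?:[^,]*,){%d}([^,]*)" % (position - 1)


def extract_field(row, position):
    """Return the field at `position`, or None when the row has too few fields."""
    match = re.match(positional_pattern(position), row)
    return match.group(1) if match else None


if __name__ == "__main__":
    print(positional_pattern(15))
    print(extract_field(SAMPLE_ROW, 15))
```

This relies on no field containing an embedded comma, which matches the fixed 20-field layout described in the question.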