Hi, my Splunk logs are in the following format:
"POST /v2/endpoint HTTP/1.0" 200 91 "http://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" 0.029 "127.0.0.1" "some-id"
I need to extract the status (200 in this case) and the response time (0.029 in this case) in my Splunk search.
How can I achieve this? I tried using regexes, but the same delimiting fails as the data also has spaces 😞
Any way I can get these?
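An added example, not part of the original post: a quote-aware tokenizer in Python that treats each double-quoted string as one field, so the spaces inside the request and user-agent strings no longer break the split, and then reads the status and response time by position. The field names other than status and response time are hypothetical, and the sample line is the one quoted in the post.

```python
import re

# Constructed sample: the log line quoted in the post above.
SAMPLE = (
    '"POST /v2/endpoint HTTP/1.0" 200 91 "http://example.com/" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" '
    '0.029 "127.0.0.1" "some-id"'
)

# A token is either a double-quoted string (spaces and \" allowed inside)
# or a bare run of non-space characters.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')

# Hypothetical field names, assigned by position; only "status" and
# "response_time" are named in the post.
FIELDS = ("request", "status", "bytes", "referer", "user_agent",
          "response_time", "client_ip", "request_id")


def tokenize(line):
    """Split a log line on spaces, keeping quoted fields whole."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN.finditer(line)]


def parse(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    tokens = tokenize(line)
    if len(tokens) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, tokens))
    try:
        rec["status"] = int(rec["status"])
        rec["response_time"] = float(rec["response_time"])
    except ValueError:
        return None
    if not 100 <= rec["status"] <= 599:
        return None
    return rec


if __name__ == "__main__":
    rec = parse(SAMPLE)
    print(rec["status"], rec["response_time"])
```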