Your query worked great for this single event. But, I have series of events and i want to extract these values as a field so that I can make a report
... View more
I have series of events like this. I want to extract field called "custom_field" from all these multi valued events.
Example or sample output of extracted field:
AE Test Fail
AE Testing in Progress
Activating
.............
.............
Note: I dont have access to any config files. So, can you tell any regular expression to capture all those values?
... View more
Hi,
This is the sample event
GA.769:180302:113834:: INFO.PSA: Getting issue for ID: 931778
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'AE Test Fail' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType w...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'AE Testing in Progress' of type com.atlassian.servicedesk.internal.sla.customfield.S...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Activating' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType was...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Adding to .Net Website' of type com.atlassian.servicedesk.internal.sla.customfield.S...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'All Sec Incidents (closed)' of type com.atlassian.servicedesk.internal.sla.customfie...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Application Certification' of type com.atlassian.servicedesk.internal.sla.customfiel...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Approvals' of type com.atlassian.servicedesk.plugins.approvals.internal.customfield....
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Approvals' of type com.atlassian.servicedesk.plugins.approvals.internal.customfield....
class type: java.util.HashMap
map values: null --> 505 :: NetOps-HR
map values: 1 --> 90109
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'BHN Test' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType was s...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Building Test Lines' of type com.atlassian.servicedesk.internal.sla.customfield.SLAC...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Checking Connectivity' of type com.atlassian.servicedesk.internal.sla.customfield.SL...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Connect to Network and Add to INS' of type com.atlassian.servicedesk.internal.sla.cu...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Connecting MTA to Network' of type com.atlassian.servicedesk.internal.sla.customfiel...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Creating Test Accounts' of type com.atlassian.servicedesk.internal.sla.customfield.S...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Customer Request Type' of type com.atlassian.servicedesk.internal.customfields.origi...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Customer Response Time' of type com.atlassian.servicedesk.internal.sla.customfield.S...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'DOCSIS Test' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType wa...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Days to Resolution' of type com.atlassian.servicedesk.internal.sla.customfield.SLACF...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Epic Link' of type com.atlassian.greenhopper.customfield.epiclink.EpicLinkCFType was...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'FCC 2 Weeks' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType wa...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'FCC 3 Weeks' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType wa...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'First Response' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'First Response Task Metric' of type com.atlassian.servicedesk.internal.sla.customfie...
GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'IT Testing' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType was...
When I use regular expression I am getting the value from the first line but not from the other lines. I want to capture the fields that start after INFO.getCustomFieldValues(): field.
... View more
Hi i want to retrieve events that does not have "-" in the request url.
index=con_jira [| gentimes start=-1 | eval source="/opt/atlassian/current/logs/access_log." + strftime(now(), "%F") | return source] "GET /browse" | eval headers=split(_raw," ") | eval method=mvindex(headers,5) |eval request=mvindex(headers,6) | where request!="*-" | table request
sample Result:
/browse/EPS -----> correct result
/browse/ISPTEXAS-27534 ----> wrong result
... View more