Good Day,
I would like to extract a new field called "Status" and the values for this field will be the text right after "status changed to".
For example - Completed, Waiting, Launched, Active.
Is this regex a good match? - (Completed|Launched|Active|Waiting), but how do I write this in Splunk so that it creates a new field called status?
I have data in the below form:
310822856,"09/19/2018
02:31:30
PM","Job ""DMS_05_BosLog_Files [88]"" status change to Completed Normally.",Audit,Job Manager,1100,DMS_05_Outbound_Files,88,Production
310822857,"09/19/2018
02:31:30
PM","Job ""02_DMS_BSTORE [89]"" status change to Completed Normally.",Audit,Job Manager,1100,02_DMS_EOD_LOG_ZSTORE,89,
310822848,"09/19/2018
02:31:29
PM","Job ""DFMS_05__Outbound_Files [90]"" status change to Launched.",Audit,Job Manager,1100,DMS_05_Outbound_Files,90,Production
22855,"09/19/2018
02:31:29
PM","Job ""DMS_05_Archive_PosLog_Outbound_Files [91]"" status change to Active",Audit,Job Manager,1100,DMS_05_Outbound_Files,10317045,Production
22840,"09/19/2018
02:31:28
PM","Job ""DMS_05_Archive_PosLog_Outbound_Files [91]"" status change to Waiting On Resource",Audit,Job Manager,1100,DMS_05_Outbound_Files,7045,Production
Note: I am running Splunk Cloud.
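An added example, not part of the original post: a Python check of the post's alternation against four of its sample records, wrapped in a named capture group and anchored on the literal text that appears in the data ("status change to"). The `StatusText` field and the function names are hypothetical, and the Splunk `rex` line in the comment is an assumed usage that has not been run against the poster's instance.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample: four of the post's records in their multi-line CSV form
# (the quoted timestamp field spans three lines, inner quotes are doubled).
SAMPLE = '''310822856,"09/19/2018
02:31:30
PM","Job ""DMS_05_BosLog_Files [88]"" status change to Completed Normally.",Audit,Job Manager,1100,DMS_05_Outbound_Files,88,Production
310822848,"09/19/2018
02:31:29
PM","Job ""DFMS_05__Outbound_Files [90]"" status change to Launched.",Audit,Job Manager,1100,DMS_05_Outbound_Files,90,Production
22855,"09/19/2018
02:31:29
PM","Job ""DMS_05_Archive_PosLog_Outbound_Files [91]"" status change to Active",Audit,Job Manager,1100,DMS_05_Outbound_Files,10317045,Production
22840,"09/19/2018
02:31:28
PM","Job ""DMS_05_Archive_PosLog_Outbound_Files [91]"" status change to Waiting On Resource",Audit,Job Manager,1100,DMS_05_Outbound_Files,7045,Production
'''

# The post's alternation inside a named group. Splunk equivalent (assumed usage):
#   | rex "status change to (?<Status>Completed|Launched|Active|Waiting)"
STATUS_RE = re.compile(r"status change to (?P<Status>Completed|Launched|Active|Waiting)")
# Hypothetical second field: the full status phrase up to the closing period.
STATUS_TEXT_RE = re.compile(r"status change to (?P<StatusText>[^.]+)")


def extract_statuses(csv_text):
    """Return (event_id, Status, StatusText) per record; None where no match."""
    out = []
    # csv.reader keeps the three-line quoted timestamp inside one record.
    for row in csv.reader(io.StringIO(csv_text, newline="")):
        if len(row) < 3:
            continue  # skip blank or truncated records
        message = row[2]
        short = STATUS_RE.search(message)
        full = STATUS_TEXT_RE.search(message)
        out.append((row[0],
                    short.group("Status") if short else None,
                    full.group("StatusText").strip() if full else None))
    return out


def count_by_status(csv_text):
    """Tally the extracted Status values across all records."""
    return Counter(status for _, status, _ in extract_statuses(csv_text))


if __name__ == "__main__":
    for record in extract_statuses(SAMPLE):
        print(record)
```

The alternation captures only the leading keyword, so "Completed Normally" and "Waiting On Resource" come out as `Completed` and `Waiting`; the second pattern keeps the whole phrase.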