DEVHIDE
Login Or Sign up

Splunk query to extract fields from log data

181 Views Asked by At

My Splunk log some thing like [user name] [traceid] ldap authentication { “status” : “success” , “username”: “123”} MULTIEXCEPTION some text….

I am trying out for Splunk query that gives result in tabular format.. any query suggestions?

Status  username 
Success 123
Fail     234
splunk splunk-query
Original Q&A
1

There are 1 best solutions below

0
On

As @PM77-1 wrote, use the rex command to extract fields from events. Then use the (surprise!) table command to put the results in tabular format.

index=foo
``` Extract the status field ```
``` Triple escapes are needed because of multiple layers of processing ```
| rex "status\\\"\s*:\s*\\\"(?<status>[^\\\"]+)"
``` Extract the username field using a separate command for order-independence ```
| rex "username\\\"\s*:\s*\\\"(?<username>[^\\\"]+)"
| table status username

Related Questions in SPLUNK

Related Questions in SPLUNK-QUERY

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.