lr-pal
Reputation: 389
Splunk query to extract a number (time taken)
I have a splunk query result such as below:
2020-04-09 23:33:51.120 INFO 1 --- [an-885-exec-8] c.z.q.p.serv.backendCall : time taken 11793 in ms
I want to extract the number after string "time taken" and table the result
I tried the below query
index=my-platform ": time taken" | rex ".*:\stime\taken\s(?P<time_taken>(\d+))\sin\sms" | table time_taken
This query results in a blank table and prints nothing.
Can anyone help with the right query to extract just the number next to time taken?
Upvotes: 1
Views: 2422
Answers (1)
warren
Reputation: 33435
You missed the field=<field_name> in the rex:
| rex field=_raw "taken\s(?<time_taken>\d+)\s"
Will do it - https://regex101.com/r/gYuN7w/1/
Upvotes: 1
Related Questions
- Splunk regex matching for spring batch job times
- Splunk - How to count occurrences of a string by an extracted field?
- splunk regex issue
- Splunk - regex extract fields from source
- Regex to Match string after time
- Regex to extract two values from single string in Splunk
- Filtering Splunk results based on a numerical value in the log entry
- RegEx in Splunk Search
- splunk query for counting based on regex
- A regex with Splunk