S.Dan
Reputation: 1912
How to parse information from a log message in splunk
I have a log message in splunk as follows:
Mismatched issue counts: 5 vs 9
Is there a way to parse the 5 and 9 into variables and draw a graph using them?
I looked into Splunk Custom Log format Parsing and saw there is an option to use json to parse json log message. But how can I log as json and use spath in splunk chart?
Upvotes: 0
Views: 3196
Answers (1)
RichG
Reputation: 9916
You don't need to log in JSON to parse custom logs. Use regex.
```Extract the two numbers as fields 'a' and 'b'```
... | rex "Mismatched issue counts: (?<a>\d+) vs (?<b>\d+)"
```Group events by hour```
| bin span=1h _time
```Chart the results```
| chart max(a) as a, max(b) as b by _time
Upvotes: 2
Related Questions
- Extract data from splunk
- manipulate string in splunk
- Using Splunk rex to extract String from logs
- splunk query based on log stdout
- Extract some fields from a part json part text log in Splunk
- Parsing Cisco System Logs with Regex
- How to extract data from the String in splunk?
- Extracting 5 fields from logfile containing a string in Splunk
- Splunk Custom Log format Parsing
- How to extract the pattern " [xxxxxxx] ERROR " for splunk?