Vijay Kumar
Reputation: 2717
How to extract a field from a Splunk search result and do stats on the value of that field
I have following search results
2021-07-14 17:12:55,525 INFO [NiFi logging handler] returned 202: response_time:0.029 retry_count:2
Out of this I would like to extract "response_time" values like this so I can find the average, max, min, etc.
response_time:0.029
How can I accomplish this?
Upvotes: 2
Views: 4469
Answers (1)
RichG
Reputation: 9936
I like to use rex for that. It uses regular expressions to extract matching text into fields. For example,
... | rex "response_time:(?<response_time>\S+)"
| stats min(response_time) as Min, max(response_time) as Max, avg(response_time) as Avg
Upvotes: 4
Related Questions
- Extract data from splunk
- splunk query to extract multiple fields from single field
- Splunk: How to extract field directly in Search command using regular expressions?
- How to extract a value from fields when using stats()
- Searching for a particular kind of field in Splunk
- Adding custom fields to splunk query
- Splunk Rex: Extracting fields of a string to a value
- Splunk extracted field in dashboard
- Extracting certain fields from Splunk query results
- How to extract correct fields and count to create report in Splunk?