0

I have data in splunk like this:

DEBUG demp.find - [Local-Log] Parameters name/city/isActive/: 3/XYZ/true/false
DEBUG demp.find - [Local-Log] Parameters name/city/isActive/: 4/AHJGS/true/false
DEBUG demp.find - [Local-Log] Parameters name/city/isActive/: 3/AJJ/true/false
DEBUG demp.find - [Local-Log] Parameters name/city/isActive/: 6/XYZ/true/false
DEBUG demp.find - [Local-Log] Parameters name/city/isActive/: 3/XYZ/true/false
DEBUG demp.find - [Local-Log] Parameters name/city/isActive/: 6/123/true/false
DEBUG demp.find - [Local-Log] Parameters name/city/isActive/: 3/HJG/true/false

I want to get the this result from a splunk query where name value is dynamic, I dont care about anything after that

like: Parameters name/city/isActive/: {regex here to get name value} and save that in new values to user further. Kindly guide me for this.

Thanks

Improve this question

1 Answer 1

Reset to default
2 
rex field=_raw "Parameters name/city/isActive/:(?<all>(?<part1>.*)/(?<part2>.*)/(?<part3>.*)/(?<part4>.*))"
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.