Using Splunk rex to extract String from logs
Question
From splunk logs,how can I get a count of all those methods whose Time taken is > 10ms?
Splunk logs which look some thing like this :
csmcadvice.ExecutionTimeAdvice : <> relationId = aa12 | Method Name = methodA() Time taken is = 0ms
csmcadvice.ExecutionTimeAdvice : <> relationId = ab12 | Method Name = methodA(). Time taken is = 15ms
csmcadvice.ExecutionTimeAdvice : <> relationId = ab12 | Method Name = methodB(). Time taken is = 1ms
1 answers
solution1
0 2021-10-26 18:24:55
This would be the general idea:
| rex field=_raw "Method Name = (?<methodName>\w*)\(\)"
| rex field=_raw "Time taken is = (?<duration>\d*)ms"
| where duration > 10
| stats count by methodName
Within your search, you will need to
- Create a
rexfield to grab the method name - Create a
rexfield to grab the duration in milliseconds - Use the
wherecommand to filter the results to where your new "duration" field > 10ms - Use the
statscommand withcount byto count the current results, binning by your new "methodName" field
If this is not exactly correct for your logs, it should at least get you very close.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.