regexsplunksplunk-query
Splunk: regex - No events counted
I am trying to extract a field after a specific expression using regex and then running a query which counts the events where this condition is met. I did this:
query | rex field=_raw "text: (?<value>\d+)" | timechart partial=f span=5m count as numbers | where value > 3
There are some log-entries for which value is greater than 3, but nevertheless this events are not counted. What did I do wrong here and why did I not get a result?
Solution
Put your where before your time chart
Using the 8 events, I can select those which are greater than 3
source="splunk.txt" host="stack" index="stack" sourcetype="raw_line_break"
| rex "text: (?<value>\d)"
| where value > 3
| timechart partial=f span=5m count as numbers
this returns me a count of 2 since only two events in that time window were greater than 3
- How to combine all the words of a sentence extracted with a regex?
- How can I detect all symbols on mathematical operators on PHP using regex?
- RegEx for combining "match everything" and "negative lookahead"
- How to validate an Instagram username
- Parse video id and start time from differently formatted youtube URL strings
- Python - regex to grab specific lines from text
- how to escape texts for formatting in python
- Regex not correctly rejecting invalid music note values
- regex - error with result - too many occurence
- Parse a formatted, single-line string into an array of associative arrays with predefined column names
- How to split a string by any of multiple delimiters?
- std::regex escape special characters for use in regex
- Does lookbehind work in sed?
- Regex for complex delimited string with multiple parse patterns
- Parsing PDF tables into csv with php
- RegEx for "does not begin with"
- PHP regex starting and ending with < and > produces an unknown modifier warning
- Sanitize number by removing first digit then any consecutive zeros
- How to match one or more characters nominated in a regex character class?
- Sanitize a number which may include dollar symbols, hyphens and dots
- Validate a numeric filename which may only be between 01 and 12, then the file extension
- Regex for number check below a value (12)
- Validate a string containing a number, underscore, then an number with a maximum of 12 digits
- Regular expression that allows only a specific special character when it has a specific length
- java - regex pattern matching days, hours, minutes, seconds
- Regex pattern for matching words between two delimiters
- Matching a String in Python using regex
- How to match and extract string matching regular expression
- Problem subsetting a string from a filename
- Remove all non-alphanumeric characters but keep float values