How to extract a field from a Splunk search result and do stats on the value of that field

Question

I have following search results

2021-07-14 17:12:55,525 INFO [NiFi logging handler] returned 202: response_time:0.029 retry_count:2

Out of this I would like to extract "response_time" values like this so I can find the average, max, min, etc.

response_time:0.029

How can I accomplish this?

Answer 1

I like to use rex for that. It uses regular expressions to extract matching text into fields. For example,

... | rex "response_time:(?<response_time>\S+)"
| stats min(response_time) as Min, max(response_time) as Max, avg(response_time) as Avg