Tags: regex, splunk, splunk-query

Regex in splunk - starting with number and has comma in between


I am trying to write a regex to extract the number so that I can calculate the sum. Below is the event:

abre0001.pxm:  55 records processed as of 2022-07-28 00:55:51.829407 

abre0001.pxm:  23,555 records processed as of 2022-07-28 00:55:51.829407 

abcd0001.pxm:  23,45,555 records processed as of 2022-07-28 00:55:52.543170 

I want to extract the fields 55, 23,555, and 23,45,555 from each event and calculate the sum. However, I am unable to extract the number with a comma in it. I am able to get just the entries with only digits. Below is the regex used.

index="" source="" sourcetype="r"  "ab*0001.pxm" 
| rex field=_raw "pxm:\s+(?<value>/d+)/s" 
| convert rmcomma(value) 
| stats sum(value) as total_entries

The value field is unable to extract the number having a comma. It only extracts 55; the rest of the entries are blank. Not sure what explicitly we need to give here.


Solution

| rex field=_raw "pxm:\s+(?<value>[\d,]+)\s"
| eval value=replace(value,",","")

\d and \s are escaped, and "," is added to the character class inside the named capture group "value".

You then need to remove any commas, since they're not numerical.
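The following is an added illustration, not part of the question or the answer above: it runs the question's pattern and the answer's pattern against the three sample events from the question (constructed here as Python strings) with Python's re module, whose handling of \d, \s and a literal "/" matches PCRE for these expressions, and then strips the commas and sums the values the way the eval/convert step does in the Splunk search. The function names extract_values and rmcomma_sum are my own.

```python
import re

# Constructed sample input: the three events quoted in the question.
EVENTS = [
    "abre0001.pxm:  55 records processed as of 2022-07-28 00:55:51.829407",
    "abre0001.pxm:  23,555 records processed as of 2022-07-28 00:55:51.829407",
    "abcd0001.pxm:  23,45,555 records processed as of 2022-07-28 00:55:52.543170",
]

# The pattern as posted in the question: "/d" and "/s" are a literal slash
# followed by a letter, not the digit and whitespace classes "\d" and "\s".
BROKEN_PATTERN = re.compile(r"pxm:\s+(?P<value>/d+)/s")

# The pattern from the answer: \d and \s properly escaped, and "," added to
# the character class so grouped numbers such as 23,45,555 are captured whole.
FIXED_PATTERN = re.compile(r"pxm:\s+(?P<value>[\d,]+)\s")


def extract_values(events, pattern):
    """Return the captured 'value' group for each event, or None where the
    pattern does not match (rex leaves the field empty on such events)."""
    results = []
    for line in events:
        match = pattern.search(line)
        results.append(match.group("value") if match else None)
    return results


def rmcomma_sum(values):
    """Strip commas (the eval replace / convert rmcomma step) and sum the
    numbers; events with no extracted value are skipped, as stats sum()
    ignores null fields."""
    total = 0
    for value in values:
        if value is None:
            continue
        total += int(value.replace(",", ""))
    return total


if __name__ == "__main__":
    print("broken:", extract_values(EVENTS, BROKEN_PATTERN))
    fixed = extract_values(EVENTS, FIXED_PATTERN)
    print("fixed: ", fixed)
    print("total: ", rmcomma_sum(fixed))
```

Running this shows the question's pattern matching none of the three events, while the answer's pattern captures 55, 23,555 and 23,45,555, which sum to 2369165 once the commas are removed. One design note: [\d,]+ also accepts a value made only of commas; if the events can contain stray punctuation after "pxm:", a class such as \d[\d,]* requires the value to begin with a digit.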