I am new to Splunk. My requirement is to display the grid below.
Method                        Execution Time
IndexController.printHello    519
My event string is below:
{ "event" : "test", "message" : "OUT: IndexController.printHello - time taken: 519 ms"}
I tried the approach below:
index = "myspluk" | table message | field method, executiontime
But it displays an empty message. I created a field extractor, but it's not working.
I want to extract method and execution time from
"OUT: IndexController.printHello - time taken: 519 ms"
Any help will be greatly appreciated!!!
I would extract what you need with rex and some regex capture groups, from either the _raw or the message field:
index = "myspluk"
| rex field=_raw "OUT: (?<method>.*?) - time taken: (?<executiontime>\d+) ms"
| table method executiontime
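The message-field variant mentioned in the answer, as an added example that is not part of the original posts: it can be pasted into a search bar without any index, because it builds its own events with makeresults. The first event is the one from the question; the second, marked "constructed" in its event value, is an assumed non-matching line included to show that rex leaves method empty for it and the where clause drops it. The anchored pattern with \S+ and the tonumber conversion are choices made for this example.

```spl
| makeresults count=2
| streamstats count AS n
| eval _raw=case(
    n=1, "{ \"event\" : \"test\", \"message\" : \"OUT: IndexController.printHello - time taken: 519 ms\"}",
    n=2, "{ \"event\" : \"constructed\", \"message\" : \"IN: IndexController.printHello\"}")
| spath input=_raw path=message output=message
| rex field=message "^OUT: (?<method>\S+) - time taken: (?<executiontime>\d+) ms$"
| where isnotnull(method)
| eval executiontime=tonumber(executiontime)
| table method executiontime
```

Against real data, replace the first three commands with the index search and keep the pipeline from spath onward.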