First, i'm sorry for my bad english.
Let me explain my problem.
I have to do a search on splunk, and in the result, get a specific value, between ": [44444]" (In this case, i want the value 44444.) and do a avg
I tried this: index=x host=y "my search" | rex field=_raw "(?<=\: \[)(.*?)(?=\])" | timechart avg(ms)
Example response: hksdfhjksadhfjksadhfjksa [36278423] gdjsagdshdgfjsadf: [21234] ms
But don't work. I tried other things, but i don't know how to print the variable ms and know whats is in that.
Can anyone help me?
Thanks
AT
↧