Hi pros,
I am new to Splunk and am trying to analyze a complex log file from a financial application. I want to figure out the fields from a multiline event; here is my log example:
16.02.10 09:20:53 [ FromIso:123456789]************** INBOUND MESSAGE ID[AAABqgAwV0ujhQAA] ***************
in[ 48: ]<800>
in[ 48: ]<8220000100000000>
in[ 48: ]<0400000000000000>
msgno[ 0]<800>
Bitmap: [82200001000000000400000000000000]
in[ 7: ]<530>
in[ 7: ]<92833>
in[ 11: ]<694437>
in[ 32: ]<6>
in[ 32: ]<123123>
in[ 70: ]<2>
D-ISO-0306: m0800/a0000000000/t694437/p000000/r00
16.02.10 09:20:53 [ ToIso:123456789]************** OUTBOUND MESSAGE ID[AAABqgAwV0ujhQAA] ***************
msgno[ 0]<810>
Bitmap: [82200001020000000400000000000000]
out[ 48: ]<0810>
out[ 48: ]<8220000102000000>
out[ 48: ]<0400000000000000>
out[ 7: ]<0530>
out[ 7: ]<092833>
out[ 11: ]<694437>
out[ 32: ]<06>
out[ 32: ]<123123>
out[ 39: ]<00>
out[ 70: ]<002>
I want to extract the fields msgno=800/810 and field39="00" from the log above.
I tried to use the Field Extractor to extract those fields, but no luck.
Thanks,
Lang
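Added example, not from the original post: a small Python parser for the log format above that shows the two things Splunk needs for this case, the event boundary (each event starts at a "dd.mm.yy hh:mm:ss [" line, which is what a line-breaking rule such as BREAK_ONLY_BEFORE has to match) and the regexes that pull out msgno and the numbered data elements such as field 39 (usable with Splunk's rex command once events are broken correctly). The sample log is the question's own output, trimmed, and the regexes assume the format is as regular as the sample shows.

```python
import re

# Constructed sample: the two events from the question, trimmed to the lines needed here.
SAMPLE_LOG = """\
16.02.10 09:20:53 [ FromIso:123456789]************** INBOUND MESSAGE ID[AAABqgAwV0ujhQAA] ***************
msgno[ 0]<800>
Bitmap: [82200001000000000400000000000000]
in[ 32: ]<6>
in[ 32: ]<123123>
16.02.10 09:20:53 [ ToIso:123456789]************** OUTBOUND MESSAGE ID[AAABqgAwV0ujhQAA] ***************
msgno[ 0]<810>
Bitmap: [82200001020000000400000000000000]
out[ 32: ]<06>
out[ 32: ]<123123>
out[ 39: ]<00>
"""

# An event starts at a "dd.mm.yy hh:mm:ss [" line; everything up to the next such line belongs to it.
EVENT_START = re.compile(r"^\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \[", re.M)
HEADER = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \[\s*(?P<endpoint>\w+):(?P<peer>\d+)\]\*+ "
    r"(?P<direction>INBOUND|OUTBOUND) MESSAGE ID\[(?P<msgid>[^\]]+)\]"
)
MSGNO = re.compile(r"^msgno\[\s*\d+\]<(?P<msgno>\d+)>", re.M)
# Data elements look like "in[ 39: ]<00>" / "out[ 39: ]<00>"; a number can repeat (length prefix, then value).
FIELD = re.compile(r"^(?:in|out)\[\s*(?P<num>\d+):\s*\]<(?P<val>[^>]*)>", re.M)


def split_events(text):
    """Cut the raw log into one chunk per message, i.e. the multiline event boundary."""
    starts = [m.start() for m in EVENT_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]


def parse_event(chunk):
    """Extract header fields, msgno and every numbered data element from one event chunk."""
    head = HEADER.match(chunk)
    if head is None:
        return None
    event = head.groupdict()
    mno = MSGNO.search(chunk)
    event["msgno"] = mno.group("msgno") if mno else None
    fields = {}
    for m in FIELD.finditer(chunk):
        fields.setdefault(m.group("num"), []).append(m.group("val"))  # keep repeats in order
    event["fields"] = fields
    return event


def extract(text):
    """All parsed events in the log; field 39 of an event is event['fields'].get('39')."""
    return [e for e in map(parse_event, split_events(text)) if e is not None]
```

Field 39 is only present in the OUTBOUND event, so a search for it must not assume every event carries it.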