Hi All
My search results from Splunk look like the one below:
2015-11-13 06:32:33,949|a.abcd|DAS|callabcd():getTime|0.296|SUCCESS|Data : 254|1447414015145[B@8d7c046b8089602570758821847|null|null
I want to extract the value "0.296" from this. Can you please let me know how to do this? I have already tried the options below and they don't work.
1.) search_query | rex field=_raw "^([^|]+|){5} +(?<x>[^|]+)"| table x
2.) search_query | rex field=_raw "^([^\|]+\|){5} +(?<x>[^\|]+)"| table x
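Added example, not part of the original post: a Python check of what the two rex patterns above do against the quoted event, next to an assumed alternative pattern (`FIFTH_FIELD`) and a split-based helper. The function and constant names are hypothetical, and the PCRE `(?<x>...)` group is rewritten to Python's `(?P<x>...)` only so that `re` can compile it.

```python
import re

# Constructed sample: the event line quoted in the question.
EVENT = ("2015-11-13 06:32:33,949|a.abcd|DAS|callabcd():getTime|0.296|SUCCESS|"
         "Data : 254|1447414015145[B@8d7c046b8089602570758821847|null|null")

# The two rex patterns from the post, verbatim.
ATTEMPT_1 = r"^([^|]+|){5} +(?<x>[^|]+)"
ATTEMPT_2 = r"^([^\|]+\|){5} +(?<x>[^\|]+)"
# Assumed alternative (not from the post): skip 4 delimited fields, capture the 5th.
# [^|]* rather than [^|]+ so an empty earlier field does not shift the count.
FIFTH_FIELD = r"^(?:[^|]*\|){4}(?<x>[^|]*)"


def rex(pattern, raw):
    """Return what the named group x captures, or None if the pattern does not match."""
    # rex uses PCRE's (?<name>...) spelling; Python's re wants (?P<name>...).
    m = re.search(pattern.replace("(?<x>", "(?P<x>"), raw)
    return m.group("x") if m else None


def field(raw, index, delim="|"):
    """Positional extraction without a regex (1-based index); None if the field is absent."""
    parts = raw.split(delim)
    return parts[index - 1] if 0 < index <= len(parts) else None


def report(raw=EVENT):
    return {
        # Unescaped | is alternation, so the group matches "non-pipes OR nothing";
        # the only space is inside the timestamp, so x is the time of day.
        "attempt_1": rex(ATTEMPT_1, raw),
        # Escaping is right, but {5} consumes through "0.296|" and " +" then
        # requires a space before "SUCCESS", which is not there: no match.
        "attempt_2": rex(ATTEMPT_2, raw),
        "fifth_field": rex(FIFTH_FIELD, raw),
        "split": field(raw, 5),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:12} -> {value!r}")
```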