Splunk extraction from the log entries
Need to extract payload data from log entries and extract the PlatformVersion and PlatformClient values. Need it in Python code.
"tracking~2015~526F3D98","2015:1302",164,1,"2022-02-07 11:10:08.744 INFO [threadPoolTaskExecutorTransformed5 - ?] saving event to log =core-server-event-tracking-api, payload={""PlatformVersion"":""6.34.36 - 4.18.6"",""PlatformClient"":""html""},53
"tracking~2015~526F3D98","2015:130",164423,1,"2022-02-07 11:10:08.744 INFO [threadPoolTaskExecutorTransformed5 - ?] saving event to log =core-server-event-tracking-api, payload={""PlatformVersion"":""6.34.37 - 4.18.7"",""PlatformClient"":""xml""},54
Solution 1:[1]
Not sure how Python and Splunk are relating here - but this is just a matter of doing some field extractions.
Something like this should do it:
index=ndx sourcetype=srctp
| rex field=_raw "PlatformVersion\W+(?<platform_version>[^\"]+)"
| rex field=_raw "PlatformClient\W+(?<platform_client>[^\"]+)"
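Since the question asks for Python, here is an added example (not part of the original answer) that does the same extraction outside Splunk: it locates `payload=` in each exported line, undoes the CSV quote doubling, and decodes the JSON object while ignoring the trailing column. The function name `extract_platform_fields` is hypothetical; the two sample lines are copied from the question.

```python
import json

# Sample input: the two exported lines shown in the question.
SAMPLE_LINES = [
    r'''"tracking~2015~526F3D98","2015:1302",164,1,"2022-02-07 11:10:08.744 INFO [threadPoolTaskExecutorTransformed5 - ?] saving event to log =core-server-event-tracking-api, payload={""PlatformVersion"":""6.34.36 - 4.18.6"",""PlatformClient"":""html""},53''',
    r'''"tracking~2015~526F3D98","2015:130",164423,1,"2022-02-07 11:10:08.744 INFO [threadPoolTaskExecutorTransformed5 - ?] saving event to log =core-server-event-tracking-api, payload={""PlatformVersion"":""6.34.37 - 4.18.7"",""PlatformClient"":""xml""},54''',
]

_DECODER = json.JSONDecoder()
_MARKER = "payload="


def extract_platform_fields(line):
    """Return (PlatformVersion, PlatformClient), or None if no JSON payload parses.

    Hypothetical helper: handles both a raw log line and a CSV-exported line
    in which every quote inside the field has been doubled.
    """
    start = line.find(_MARKER + "{")
    if start == -1:
        return None
    text = line[start + len(_MARKER):]
    # Try the text as-is first (raw log), then with CSV quote doubling undone.
    for candidate in (text, text.replace('""', '"')):
        try:
            # raw_decode stops at the end of the object, so a trailing
            # column such as ",53" does not break parsing.
            payload, _end = _DECODER.raw_decode(candidate)
        except json.JSONDecodeError:
            continue
        if isinstance(payload, dict):
            return payload.get("PlatformVersion"), payload.get("PlatformClient")
    return None


if __name__ == "__main__":
    for entry in SAMPLE_LINES:
        print(extract_platform_fields(entry))
```

Decoding the payload as JSON rather than matching with a regex keeps values containing escaped quotes or reordered keys intact, and lines with a missing or malformed payload return `None` instead of a partial match.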
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | warren |
