I have a splunk log in the below format:
{"Apple":
{"message":"abcdefgh.ijkl","code":"200"}
}
I want to filter the message "abcdefgh.ijkl" and code separately.
0
votes
So, what have You tried so far?
- Kamiccolo
rex field = message_text "{(\w+)*:(\w+)*:(?<message>(.*)\s)"
- Sateesh M
Would You be so kind and update Your question in reproducible and verifiable manner. Just like MCVE describes.
- Kamiccolo
in the log that I said in question will come as message_text: {}
- Sateesh M
this is how i get the log. message_text: {"data": {"message":"I'm a Developer.Lives in Hyderabad","code":"200"} }
- Sateesh M
