Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create regex to capture a whole string?

MOHITJOSHI
Engager
‎05-09-2022 01:18 PM

I have a big event and I want to capture the string between "Message=" and "UpDocCaseRepository"


in other words i want to capture this specific string--

"Service encountered a database error." InnerMessage="Method Name: LOBCaseService.LoadCaseText, Error Message: Service encountered a database error., Exception: System.Net.Http.HttpRequestException: Cannot get client case document(s). Lob service call was not successful. reasonPhrase=Unauthorized\r\n at .eCAC.Service.CDR._1.Repository.

event-

2022-04-04 21:15:37,734 ERROR WCFServiceClient.Web.InfrastructureService sTime="4/5/2022 1:15:37 AM" LocalId="403654042" Method="LoadCase" Message="Service encountered a database error." InnerMessage="Method Name: LOBCaseService.LoadCaseText, Error Message: Service encountered a database error., Exception: System.Net.Http.HttpRequestException: Cannot get client case document(s). Lob service call was not successful. reasonPhrase=Unauthorized\r\n at .eCAC.Service.CDR._1.Repository.UpDocCaseRepository.<SendUpDocRequest>d__14`1.MoveNext() in s:\jenkins\workspace\_ecac_se---aeddb52c\.eCAC.Service.CDR\1.Repository\UpDocCaseRepository.cs:line 191\r\n--- End of stack trace from previous location where exception was thrown

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-09-2022 03:05 PM 
| rex "Message=(?<message>.*?)UpDocCaseRepository"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-09-2022 03:05 PM 
| rex "Message=(?<message>.*?)UpDocCaseRepository"
0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...