I'm trying to plot a visualization chart in splunk. My sample splunk log looks like as shown below:
{TIMESTAMP=2024-04-02 02:26:58 , LEVEL=INFO , APPL=appname ,ENV=test , THREAD=[http-nio-8080-exec-6] , Execution Stopped: StudentController | Total Time Taken: 52 ms}I'm trying to extract Total Time Taken field from this log and trying to plot a graph in splunk for each timestamp.
Tried using rex command :
index = "xyz"| rex "Total Time Taken:(?<Total Time Taken>\S)" But facing, Error in 'rex' command: Encountered the following error while compiling the regex 'Total Time Taken:(?<Total Time Taken>\S)': Regex: syntax error in subpattern name (missing terminator).
Can anyone please help me out by providing the splunk query to extract the specified field with a timechart.