2

I have following search results

2021-07-14 17:12:55,525 INFO [NiFi logging handler] returned 202: response_time:0.029 retry_count:2

Out of this I would like to extract "response_time" values like this so I can find the average, max, min, etc.

response_time:0.029

How can I accomplish this?

James Z
  • 12,209
  • 10
  • 24
  • 44
Vijay Kumar
  • 2,439
  • 2
  • 32
  • 51

1 Answers1

4

I like to use rex for that. It uses regular expressions to extract matching text into fields. For example,

... | rex "response_time:(?<response_time>\S+)"
| stats min(response_time) as Min, max(response_time) as Max, avg(response_time) as Avg
RichG
  • 9,063
  • 2
  • 18
  • 29
  • Can you not just use the named field from the field extract if you do that already? – thoroc Aug 09 '21 at 11:35
  • 1
    Yes. If the field is already extracted then you do not need to use `rex`. – RichG Aug 09 '21 at 11:56
  • how would you convert a duration into something similar to this to make dashboard? like if my value is "Runtime : 0:05:48.731730" Here 0 minutes and 5 seconds is what I am interested. – halil Aug 22 '22 at 07:37
  • That's a question deserving of its own posting. I'd use `rex` to break the duration into its component parts then use `eval` with the concatenation operator to put them into the desired format. – RichG Aug 22 '22 at 11:35