I have a log statement like 2017-06-21 12:53:48,426 INFO transaction.TransactionManager.Info:181 -{"message":{"TransactionStatus":true,"TransactioName":"removeLockedUser-1498029828160"}} . How can i extract TransactionName and TranscationStatus and print in table form TransactionName and its count.

I tried below query but didn't get any success. It is always giving me 0.

sourcetype=10.240.204.69 "TransactionStatus" | rex field=_raw ".TransactionStatus (?.)" |stats count((status=true)) as success_count

Solved it with this :

| makeresults | eval _raw="2017-06-21 12:53:48,426 INFO transaction.TransactionManager.Info:181 -{\"message\":{\"TransactionStatus\":true,\"TransactioName\":\"removeLockedUser-1498029828160\"}}" | rename COMMENT AS "Everything above generates sample event data; everything below is your solution" | rex "{\"TransactionStatus\":(?[^,]),\"TransactioName\":\"(?[^\"])\"" | chart count OVER TransactioName BY TransactionStatus