Hi,
I had the following sentence and wish to extract fields as follows:
event Row: 1234, tp1, 314242, 1, 2014-09-27 12:00:19.0, track, 55444, test
Below are the fields to extract from the above event.
Key       Value
S_ID      1234
type      tp1
B_ID      314242
mode      1
B_date    2014-09-27 12:00:19.0
name      track
c_ID      55444
c_name    test
How do I go about extracting the fields in the simplest way? Thanks
Do it in the form of a REPORT in props/transforms.
props.conf
[your_sourcetype]
REPORT-blah = get_my_fields
transforms.conf
[get_my_fields]
DELIMS = ","
FIELDS = S_ID, type, B_ID, mode, B_date, name, c_ID, c_name
/K
Try this
Your base search | rex "(?<S_ID>.*),(?<type>.*),(?<B_ID>.*),(?<mode>.*),(?<B_date>.*),(?<name>.*),(?<c_ID>.*),(?<c_name>.*)"
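
An added example, not part of either answer above: a search that can be pasted into Splunk as-is to check the extraction against the sample event from the question. The `_raw` value is constructed from that sample. The pattern anchors on the literal `Row:` prefix and consumes the whitespace after each comma, so S_ID holds only 1234 and no value carries a leading space.

```spl
| makeresults
| eval _raw="event Row: 1234, tp1, 314242, 1, 2014-09-27 12:00:19.0, track, 55444, test"
| rex "Row:\s*(?<S_ID>[^,]+),\s*(?<type>[^,]+),\s*(?<B_ID>[^,]+),\s*(?<mode>[^,]+),\s*(?<B_date>[^,]+),\s*(?<name>[^,]+),\s*(?<c_ID>[^,]+),\s*(?<c_name>[^,]+)"
| table S_ID type B_ID mode B_date name c_ID c_name
```

To make the extraction permanent, the same pattern can go on a `REGEX =` line in the transforms.conf stanza that the `REPORT-` setting references, replacing the DELIMS and FIELDS lines.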