How can we get all unique session strings from log which can contains all combinations of characters , symbols and digits,
below are the examples of log. i want to target highlighted strings.
ERROR - zrnGuiw32!1424968190354 rrr19876055
**** Error _2zG4484222!-131990868 gdffg19876055
INFO - 2XH-s0aGm2!-1319620932!14267 yyu9879tyuy
Thanks
Are these full log entries OR you just posted a portion of it?
If these are full log entries and if your unique session strings are always in 3rd position, then try something like this
your base search | rex "^([^\s]+\s){2}(?<SessionString>[^\s]+)"
somesoni2's example works great if it is always in the 3rd position. But if that is not the case, you may want additional options. If the session id's are the 2nd to the last fields on the line, then you can do this:
your base search | rex "\s(?<SessionString>[^\s]+)\s+[^\s]+$"
So much depends on seeing a complete set of representative examples. Hopefully these are really representative of the data.
Are these full log entries OR you just posted a portion of it?
If these are full log entries and if your unique session strings are always in 3rd position, then try something like this
your base search | rex "^([^\s]+\s){2}(?<SessionString>[^\s]+)"
It worked for me. Thank you so much.
No those are not full log entries, but the regex which you provided is worked 🙂