I got a log containing "Step" values in order:
Step=11001 , Step=11018 , Step=12302 , Step=12319 , Step=12800 , Step=12805 , Step=12806 , Step=12801 , Step=12802 , Step=12305 , Step=11006 , Step=11001 , Step=11018 , Step=12304 , Step=12319 , Step=12804 , Step=12816 , Step=12311 , Step=15041 , Step=15004 , Step=15013 , Step=24432 , Step=24416 , Step=22037 , Step=15044 , Step=12312 , Step=12305 , Step=11006 , Step=11001 , Step=11018 , Step=12304 , Step=12306 , Step=11503 , Step=24703 , Step=24702 , Step=15035 , Step=15042 , Step=15036 , Step=15004 , Step=15016 ,
How can I extract fields from this? End result should be that each Step has its own field (Step1, Step2) and so on
Don't know if you can do it with a regex, but what you can do is capture everything from the first "Step=" to the next field value, and then use makemv
with delim=" , Step="
Regex would look like this:
... | rex "Step=(?P<steps>.+) ,<following field>"
or if there are no fields after the "step" fields:
... | rex "Step=(?P<steps>.+) , $"
Then use makemv to convert the single string into a list of values:
... | makemv delim=" , Step=" steps
This should result in something like this:
Field1 Field2 steps
A B 11001 11018 12302 ... 15016
Hope this helps
Don't know if you can do it with a regex, but what you can do is capture everything from the first "Step=" to the next field value, and then use makemv
with delim=" , Step="
Regex would look like this:
... | rex "Step=(?P<steps>.+) ,<following field>"
or if there are no fields after the "step" fields:
... | rex "Step=(?P<steps>.+) , $"
Then use makemv to convert the single string into a list of values:
... | makemv delim=" , Step=" steps
This should result in something like this:
Field1 Field2 steps
A B 11001 11018 12302 ... 15016
Hope this helps
| rex max_match=0 "Step=(?<a_Step>([0-9]{5}))"
This puts all the "Step" values in one field called "a_Step"
Next task is to lookup the a_Step-values in a .cvs-file and properly present the info to a user
| lookup my_csv_lookup "Message Code" AS a_Step OUTPUT Category
When using the search app and applying the rex+lookup the "Category" field now lists the Category for each Step in the right order.
Next task at hand is to figure out how to best present this to the users accessing the data
Thanks for the input - it got us on the right track:)