Here's what my raw event looks like:
58daf92d66c83d000e469dfd.txt unsupported file format
I'd like to extract the following below during a search, to pull these fields:
How can I accomplish this using Rex?
Maybe something like:
| rex "(?P<task>^[^\.]+)(?P<fileExt>\S+\s(?P<errorReason>.*)"
I'm unsure if that first part should be [^.] or [^.]
The built in regular expression creator could help here or sites like https://regex101.com/
Maybe something like:
| rex "(?P<task>^[^\.]+)(?P<fileExt>\S+\s(?P<errorReason>.*)"
I'm unsure if that first part should be [^.] or [^.]
The built in regular expression creator could help here or sites like https://regex101.com/
This is exactly what I needed, thank you!