How to extract logs by rex ?
"TranStartTime":"2017-05-08T02:40:58.856-04:00", "TranEndTime":"2017-05-08T02:40:58.902-04:00"
need to TranStartTime and TranEndTime
Try this:
_your_search_ | rex "\"TranStartTime\":\"(?P<tranStartTime>[^\"]*)\",\s\"TranEndTime\":\"(?P<tranEndTime>[^\"]*)\""
I'd probably put them in two separate rexes, just in case they ever arrived in a different order or separated by something else. Upvoted anyway, it works per regex101.com.