this is my data.
Field:time
Value:2017-05-02 06:31:04
I want to capture the value to use ''rex'' command .for example: 2017-05-02 06:31:04
So,I choose this command.
rex field=time "(?2017/05/02 06:31:\d{2})
but it can't work. Can you help me?
A copy of the _RAW log would help. But I think I believe you might be missing the named group, for the new field you are extracting. Give this a go:
rex field=time "2017/05/02 06:31:(?<seconds>\d{2}"
A copy of the _RAW log would help. But I think I believe you might be missing the named group, for the new field you are extracting. Give this a go:
rex field=time "2017/05/02 06:31:(?<seconds>\d{2}"
I forget to add ,so my "rex" command is false.
Thanks,It can work.
try this
rex "(?<Time>\d+-\d+-\d+\s+\d+:\d+:\d+)"
Please be sure to use the code button on the toolbar (101010) to add code or events - otherwise the editor eats parts of it.
Do you mean this?
Field Value
time 2017-05-02 06:31:04
In other words a row with a field named Field
whose value is time
and another field named Value
whose value is 2017-05-02 06:31:04
?
And if so, are you trying to make it so that this row has a field named time
whose value is 2017-05-02 06:31:04
?
We need much more clarity on what your actual source data looks like and what your desired output is.