Hi,
I need to extract unique values as per below sample data
Its has unique format like [ parameter : mailboxName | value : mail\tdev2.nsf], how to extract the data with parameter name and its value?
[2017-11-06]T[16:33:21.122]Z 31 WebContainer : 4 WARNING [ parameter : mailboxName | value : mail\xdevx.xxx];[ parameter : userID | value : CN=Test Dev2/OU=US/O=xxxDEV];[ parameter : OPERATION | value : SEARCH ];[ parameter : session | value : eSbBsoxxxxxx_O9AIxxxxxx ] [com.xxx.xxx.actions.MainAction: execute]
Please advise.
Thanks
Mayank
Hi mayank141,
you can use the search time reporting transforms in props.conf
and transforms.conf
to get this captured:
props.conf
[mySourceType]
REPORT-myUniqueClassName = myTransform
transforms.conf
[myTransform]
REGEX = \[\s\w+\s:\s(\w+)\s\|\s\w+\s:\s([^\]]+)
FORMAT = $1::$2
This will capture the value after parameter :
as field name and the value after value :
as value of the field.
Hope this helps ...
cheers, MuS
Search time or index time field extraction?