I want to extract Balance (Entered)="10008.1311701944" and Balance (Functional)="11648.1319999944" fields from below logs
Log:
GL Test="000000", GL Test2="0000", Balance Type="Debit", Balance (Entered)="10008.1311701944", Balance (Functional)="11648.1311701944"
Command:
index=test sourcetype="test" | rex field=_raw ".*\w+\s+\w+\=\"\d+\.\d+\"\s+[?\w+\s+\w+\"\d+\"\,\s+\w+]\s+\w+.*"
Hello.
How about
<your search...> | rex "Balance \(Entered\)=\"(?<balance_entered>[^\"]+).+Balance \(Functional\)\=\"(?<balance_functional>[^\"]+)"
By the way I used the website regex101.com to debug this
Hello.
How about
<your search...> | rex "Balance \(Entered\)=\"(?<balance_entered>[^\"]+).+Balance \(Functional\)\=\"(?<balance_functional>[^\"]+)"
By the way I used the website regex101.com to debug this