org_name="myOrg" index="myIndex" app_name="myAppName" space_name="Staging"
| rex field=msg "stack:(?<.*java\.lang.*Exception.*>\S+) "
| eval earliest=_time-1
| eval latest=_time+1
| cluster t=0.9 showcount=t
| head 20
| spath msg
| table timestamp,_time,stack,msg
| sort -timestamp
| reverse
I get the error:
Error in 'rex' command: Encountered the following error while compiling the regex 'stack:(?<.*java\.lang.*Exception.*>\S+) ': Regex: subpattern name expected
Can someone help?
Try this:
index="myIndex" org_name="myOrg" app_name="myAppName" space_name="Staging"
| rex field=msg "(?<stack>.*java\.lang.*Exception.*\S+)"
| eval earliest=_time-1
| eval latest=_time+1
| cluster t=0.9 showcount=t
| head 20
| spath msg
| table timestamp,_time,stack,msg
| sort -timestamp
| reverse
I am assuming that you are trying to create a field called stack
but I have no idea what the rest of the RegEx should be. If this is not correct, expand on this:
https://regex101.com/r/HdGXie/1
Try this:
org_name="myOrg" index="myIndex" app_name="myAppName" space_name="Staging"
| rex field=msg "(?<stack>java.lang.Exception.\S+)"
| eval earliest=_time-1
| eval latest=_time+1
| cluster t=0.9 showcount=t
| head 20
| spath msg
| table timestamp,_time,stack,msg
| sort -timestamp
| reverse