Hello,
I have the following string pattern (source):
/trace/DB_BWP/xsengine_ls5925.30246.crashdump.20190312-213001.009072.trc
Now I need to create at search following fields:
- DBSID, being "BWP" in this case
- servis, being the "xsengine"
- filename, being "xsengine_ls5925.30246.crashdump.20190312-213001.009072.trc"
For the filename I managed to find the following:
| rex field=source "(?<filename>[\w\d\.-]+$)"
But somehow I struggle with the first two ...
Kind Regards,
Kamil
Hi @damucka
Try like
| makeresults
| eval log="/trace/DB_BWP/xsengine_ls5925.30246.crashdump.20190312-213001.009072.trc"
| rex field=log "\/.+_(?P<DBSID>.+)\/(?P<servis>.+)\_(?<filename>.+)$"
| eval filename = servis."_".filename
Hi @damucka
Try like
| makeresults
| eval log="/trace/DB_BWP/xsengine_ls5925.30246.crashdump.20190312-213001.009072.trc"
| rex field=log "\/.+_(?P<DBSID>.+)\/(?P<servis>.+)\_(?<filename>.+)$"
| eval filename = servis."_".filename
Hi @vnravikumar
Thank you, it work fine.
Kind regards,
Kamil