yep. here are two sample logs
2014-06-04 23:42:42,115,,,1401889361349,MetricLogger,TDI_CLOUDCSX_1,1401889361349,hymlxsdfbpe11_1401889362113_11537,,RetrieveIdentityDetails,148
2014-06-04
23:42:36,427,,,0dedf85a-fbdb-43cb-b9f1-d4a0f636ab97,MetricLogger,TELSTRA_PREPAIDACTIVATION_STRATEGIC,0dedf85a-fbdb-43cb-b9f1-d4a0f636ab97,chslxsdfbpe05_1401889356427_2871,,CCandB.CreateNewBillingAccount,2983
i tried two methods,
FIRST method, just in props as below. does not quite work. worked when i use rex field=_raw "regex" though in search field though. tested in on one of those regex online as well
[sdf_bpel_metric]
EXTRACT-SDFCorepolicymetrics = (?:[^,\n],){5}(?P [a-zA-Z]+),(?P [^,] ),(?:[^,\n],)(?P [^,] ),(?P [^,]),(?P [^,] )
SECOND method
in props
[sdf_bpel_metric]
REPORT-sdf_policy_metric = SDFCorepolicymetrics
in transforms
[SDFCorepolicymetrics]
FORMAT = requestApplicationLabel::$1 requestTransactionID::$2 callingApplication::$4 callType::$5 function::$6
REGEX = ([a-zA-Z]+),([^,]),([^,]),([^,]),([^,]),([^,]*),
... View more