Hello all,
I am trying to extract fields (tried the dynamic extraction and manual using rex & regex) but am unable to get it just right. My data looks like the following:
Apr 30 00:48:25 "ip_address" Apr 30 2012 00:48:25: %ASA-4-113019: Group = "Group",
Username = "User", IP = "ip_address",
Session disconnected. Session Type: SSL, Duration: 1h:59m:24s, Bytes xmt: 86659734,
Bytes rcv: 4557700, Reason: User Requested
I would like to extract the Bytes xmt and Bytes rcv to separate fields (at search time). Then I would like to pipe to an eval statement that adds them, then another pipe to the timechart.
I have tried a lot of regex and rex combinations using this site regular expression reference as a ref. But I've only gotten as far as rex field=_raw "Bytes xmt: (? .,)", which only gives the first decimal?
I am probably doing this entirely wrong, as this is my first expression, so any help you can give would be great!
Thank you,
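An added example, not part of the original post and written in Python rather than SPL so it runs offline: it extracts Bytes xmt and Bytes rcv from %ASA-4-113019 events in the shape shown above, adds them per event, and totals them per hour the way a timechart would. The field and function names and every sample event except the first are constructed for illustration; Python writes named groups as (?P<name>...) where Splunk's rex uses (?<name>...).

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the inner timestamp and both byte counters of a %ASA-4-113019 event.
# \d+ captures the whole run of digits; \s* and DOTALL tolerate line wraps.
EVENT = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2}): %ASA-4-113019:"
    r".*?Bytes xmt:\s*(?P<xmt>\d+),\s*Bytes rcv:\s*(?P<rcv>\d+)",
    re.DOTALL,
)

# Constructed sample input: the first event mirrors the post (wrapped across
# lines); the remaining lines are made up for this example.
SAMPLE_EVENTS = [
    'Apr 30 00:48:25 "ip_address" Apr 30 2012 00:48:25: %ASA-4-113019: Group = "Group",\n'
    'Username = "User", IP = "ip_address",\n'
    "Session disconnected. Session Type: SSL, Duration: 1h:59m:24s, Bytes xmt: 86659734,\n"
    "Bytes rcv: 4557700, Reason: User Requested",
    'Apr 30 00:59:02 "ip_address" Apr 30 2012 00:59:02: %ASA-4-113019: Group = "Group", '
    'Username = "User2", IP = "ip_address", Session disconnected. Session Type: SSL, '
    "Duration: 0h:05m:10s, Bytes xmt: 1000, Bytes rcv: 250, Reason: Idle Timeout",
    'Apr 30 01:15:40 "ip_address" Apr 30 2012 01:15:40: %ASA-4-113019: Group = "Group", '
    'Username = "User", IP = "ip_address", Session disconnected. Session Type: SSL, '
    "Duration: 0h:10m:00s, Bytes xmt: 2048, Bytes rcv: 1024, Reason: User Requested",
    'Apr 30 01:20:00 "ip_address" some other event without byte counters',
]

def parse_event(raw):
    """Return time and byte counters for one event, or None if it is not a match."""
    m = EVENT.search(raw)
    if m is None:
        return None
    when = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %Y %H:%M:%S")
    xmt, rcv = int(m.group("xmt")), int(m.group("rcv"))
    return {"time": when, "bytes_xmt": xmt, "bytes_rcv": rcv, "bytes_total": xmt + rcv}

def hourly_totals(events):
    """Sum bytes_total into one-hour buckets, skipping events that do not match."""
    buckets = defaultdict(int)
    for raw in events:
        rec = parse_event(raw)
        if rec is not None:
            buckets[rec["time"].replace(minute=0, second=0)] += rec["bytes_total"]
    return dict(sorted(buckets.items()))
```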