I'm trying to write a field extraction on the search head using a regex . the sample data is as follows FIELDS: user,email,type,ip EVENT1: abc,abc@xyz.com,password ,127.0.0.1 EVENT2: xyz,,,127.0.0.5 the fields are comma-delimited whether or not there are values for each fields . In second event, email and type fields have no values(user and ip fields ALWAYS have values) Can someone assist me in a regex to handle all fields? if the field has no value (email or type) assign no values to the fields . Thanks in advance.
... View more