topic Custom Regex in Knowledge Management

Custom Regex

vishwa — Thu, 11 Apr 2024 17:15:22 GMT

Below is the regex used, here we want to extract following fields:
DIM
TID
APPLICATION
POSITION
CORRLATIONID

The rex which i used is extraction DIM, TDI, APPLICATION as one field, but we need them separately.
We need to write the rex generic so that it should capture the data if there are different field names as well

Re: Custom Regex

ITWhisperer — Thu, 11 Apr 2024 17:36:09 GMT

You could try something like this

Re: Custom Regex

SierraX — Thu, 11 Apr 2024 17:42:10 GMT

With this kind and quality of screenshot it's very hard to help.
Take a look to Fields in settings and there especially for Field extractions and Field transformations

Re: Custom Regex

vishwa — Thu, 11 Apr 2024 17:52:49 GMT

Hi @ITWhisperer ,

Actually I need the generic rex like the way I posted in the screen shot because this is given in transforms.conf file and i tried the query u provided it's not working

Re: Custom Regex

scelikok — Fri, 12 Apr 2024 05:57:07 GMT

Hi @vishwa,

You can use below regex;

([A-Z]+)\:\s+(.+?)\s+

Re: Custom Regex

PickleRick — Fri, 12 Apr 2024 08:09:31 GMT

UGH. If you have any say in this - try to force the team responsible for producing these logs to get them in some reasonable format. It's some mix of pseudo-syslog embedded in some pseudo-json, and containing some "kinda delimited key/value pairs". It's not gonna end well.