Solved: Why am I unable to get the exact rex output?

Nagalakshmi · ‎08-22-2023

Hi Team,

We are trying to extract the hostname from the logs . but unable to get the exact output ( we need hostname as sample-987) . Please find the logs and tried command. Please assist us on high priority. Thanks

logs:-
Symptom: type DD Alert Sample-987: CRITICAL: DiskFailure: HardwareFailure

Our Command:-
| rex field=_raw "DD\s\Alert\s(?<HostName>\w+-\d+)"

Regards,
Lakshmi

Nagalakshmi · ‎08-23-2023

Hi @isoutamo ,

Thank you for your help! We got the expected output by using the below mentioned command.

View solution in original post

ITWhisperer · ‎08-22-2023

You don't need the backslash before the A (\A asserts position at start of the string)

isoutamo · ‎08-22-2023

Hi

can you try this

| rex "DD Alert (?<HostName>[^:]+)"

r. Ismo

fixed: removed unnecessary escape characters.

Nagalakshmi · ‎08-23-2023

Hi @isoutamo ,

Thank you for your help! We got the expected output by using the below mentioned command.

Why am I unable to get the exact rex output?

dashboard

other

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update