Solved: How can I use regex to list a table?

jacknguyen · ‎04-04-2023

I have a event like this:

I want to list a table following CLIENT_LIST. For example:

ip_vpn name_vpn time_vpn

10.10.0.20 louis_tran Tue Apr 4 9:21:41 2023

10.0.0.21 wanki_trinh Tue Apr 4 9:15:02 2023

---------------------

Anyone have any idea

ITWhisperer · ‎04-04-2023

jacknguyen · ‎04-04-2023

the table show nothing

bowesmana · ‎04-04-2023

You have a space in your rex statement after CLIENT_LIST,

You should have

CLIENT_LIST,(?<

you have

CLIENT_LIST, (?<

jacknguyen · ‎04-04-2023

it works. thank you. How ever the table like this:

And I just want splunk show the latest event and mvexpand it like this:

I try to use ||stats latest but its not working. Do you know how to do this

ITWhisperer · ‎04-04-2023

How can I use regex to list a table?