Hello,

I tried this

index=s4 *Error* | rex mode=sed field=_raw "s/(\w+\tError\t\d\t[^\t]*\s\d{4}\-\d{2}\-\d{2}\s\d{2}\:\d{2}\:\d{2}\s\([^\s]*\s)(\(\d+\)\)\s\w{3}\-\w{3}\-\d{5})(.*)/\2/g"

It works perfectly returning (1420)) SBL-UIF-00401 from

ObjMgrLog   Error   1   000f012e567243f0:0  2015-12-17 14:51:53 (cxsesmgr.cpp (655)) SBL-CFG-00157: O motor de execução do Siebel Product Configurator não foi inicializado.

When trying to put it on SEDCMD from props.conf:

SEDCMD-Error=s/(\w+\tError\t\d\t[^\t]*\s\d{4}\-\d{2}\-\d{2}\s\d{2}\:\d{2}\:\d{2}\s\([^\s]*\s)(\(\d+\)\)\s\w{3}\-\w{3}\-\d{5})(.*)/\2/

This doesn't substitute anything that it should!

Can anyone help me?

Thanks