hi all,
how to extract this message bgp_connect_start: connect 2403:df40:0:16::3 (Internal AS 14630) (instance master): No route to host as new fields as BGP connection fields
BGP_CONNECT_FAILED: bgp_connect_start: connect 2403:df40:0:16::3 (Internal AS 14630) (instance master): No route to host
Hi @sekhar463,
could you share your full log?
the regex for the log you shared could be:
| rex "BGP_CONNECT_FAILED: (?<BGP_connection>.*)"
that you can test at https://regex101.com/r/4s62eG/1
but to be more sure I nned the full log.
Ciao.
Giuseppe
Thank you its working manually.
how to add automatically for a source type.
i have added the regex in the field extractor but not getting field populated while searching with the sourcetype
Hi @sekhar463,
you can automatically extract the field using the Field Extractor or the [Settings > Fields > ield Extraction > new Field] (in this case you have to identify the sourcetype for the Field Extractioj.
Ciao.
Giuseppe
yes i did the same and i have given below regex.
but still not reflecting in the search data
Hi @sekhar463,
check the sourcetype and wait some minute before testing the field extraction, it isn't immediate.
Ciao.
Giuseppe