Solved: How to extract regular expressions?

ranjithan · ‎07-25-2022

Hi ,

Need some help to extract regular expressions.

I have a set of unstructured logs . Part of the log is as shown below:

"RequestUTCDateTime":"2022-07-25T11:19:29.0106873Z"}

How would one extract 2022-07-25T11:19:29.0106873Z and assign it to field RequestUTCDateTime, .

This should be done whenever "RequestUTCDateTime" is encountered in the raw log.

Please help me.

Thank You,

Ranjitha N

richgalloway · ‎07-25-2022

You can extract the field at search-time using the rex command.

| rex "RequestUTCDateTime\\\":\\\"(?<RequestUTCDateTime>[^\\\"]+)"

Or it can be extracted automatically using an EXTRACT setting in props.conf:

EXTRACT-RequestUTCDateTime = RequestUTCDateTime":"(?<RequestUTCDateTime>[^"]+)

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎07-25-2022

You can extract the field at search-time using the rex command.

| rex "RequestUTCDateTime\\\":\\\"(?<RequestUTCDateTime>[^\\\"]+)"

Or it can be extracted automatically using an EXTRACT setting in props.conf:

EXTRACT-RequestUTCDateTime = RequestUTCDateTime":"(?<RequestUTCDateTime>[^"]+)

---
If this reply helps you, Karma would be appreciated.

ranjithan · ‎07-25-2022

Thank You so much for the help!

How to extract regular expressions?