Hi Guys,
Could you possibly assist me with creating a rex for the log below?
Rex for "CEOTransactionSessionId":"1D2667DC-7849-1122-3FE3-C4A08EAC9FEB"
@ITWhisperer What would be the rex for --> [en_US] [ANDROID] [23.3.0]
Thanks in advance
With the previous request, is seemed obvious that you wanted to extract the field value (assuming this was a JSON field), however, with this request, it is not clear what you are asking for. Please clarify what you are trying to do.
@ITWhispererI'd want to extract fields, however some of them aren't in interesting fields. The first one you provided worked. so if you could make the rex for this as well :
[04/24/2023 05:47:38.551][530e4835abe4717b,530e4835abe4717b,,][CAPIRESP] [ec-25] I [go.web.filter.APILoggingFilter: ] [en_US] [ANDROID] [23.3.0]
I'd want to copy the text in bold above.
For rex, you need anchors. I have assumed the end of the event will act as the anchor.
\[(?<lang>[^\]]+)\]\s\[(?<os>[^\]]+)\]\s\[(?<version>[^\]]+)\]\s?$
If this doesn't work, you will have to share your actual events (anonymised of course), preferably in a code block </> similar to above, so that formatting is preserved
\"CEOTransactionSessionId\":\"(?<CEOTransactionSessionId>[^\"]+)\"