Hello,
From my system I receive a number of events; some of them contain a value of the letter 'c' and then 7 digits, like so: 'c5426987'. I want to create a field by the name user_id that will contain that value.
I tried to use extract field and mark the value I was searching for, but it got only some of the results and not all of them. The thing is that the value shows up in different ways, like:
- name:c1234567
- somedata/c1234567
- login by c1234567
and I can't find a way to get them all...
I tested a regex in a website that examines regexes and it did extract what I was searching for. The regex I tested was: "/c[/d]{7}/g" and it gave the wanted results on the website.
I tried using both rex and regex commands and they didn't seem to work...
Can you please help me to find the way to create the field "user_id" using that regex?
Thanks!
omer shira
Try this
your search
| rex "(?<user_id>c\d{7})"
Yay! That's worked!
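The `rex` from the answer can be checked against the three formats in the question without touching real events. The search below is an added example, not part of the original thread: the `constructed_sample` strings are made up (the last two are extra cases), and `user_id_strict` is a hypothetical second field whose pattern adds a lookbehind and a lookahead so that a match is not taken from inside a longer token.

```spl
| makeresults
| eval constructed_sample=split("name:c1234567;somedata/c1234567;login by c1234567;ref abc12345678;no id here", ";")
| mvexpand constructed_sample
| rex field=constructed_sample "(?<user_id>c\d{7})"
| rex field=constructed_sample "(?<![A-Za-z0-9])(?<user_id_strict>c\d{7})(?!\d)"
| table constructed_sample user_id user_id_strict
```

Both fields are filled for the three formats from the question. For `ref abc12345678` the unanchored pattern still returns `c1234567` while the strict one returns nothing, which matters when `user_id` is used to attribute activity to an account.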