I am searching windows event log.
Aftre result search complete, Account_Domain contains following value
"- ABC"
How can I left ABC inside??
| rex field="Account_Domain" mode=sed "s/([0-9]{4}) /\1,,/" not working
Hi
Check this
| rex field=Account_Domain max_match=0 "(?P<Account_Domain>\w+)"
View solution in original post
Become like this
ALPHA ALPHA
Can you provide some sample data with the expected output?
