Hi I have the below data , and am trying to extract the below
Start lsakjdf sdlkj sd CODE=CODE1 ksdjf ksajfd sakjdf Start $jdf$ ssfjdlkj sd CODE=CODE2 ksdjf ksajfd sakjdf Start lsakjdf CODE=CODE3 ksdjf ksajfd sakjdf Start lsakj44 sdlkj sdah sd CODE=CODE4 ksdjf ksajfd sakjdf
CODE=CODE1 CODE=CODE2 CODE=CODE3 CODE=CODE4
Did you try below regex:
| rex field=_raw "(?P<data>\w+=\w+)"
View solution in original post
that did work ,
I set it up using the below as well
|eval CODE = trim(substr(mvindex(split(MSGTXT," "),mvfind(split(MSGTXT," "),"CODE=")),0,10))
Are you looking for a regex? (?P<data>\w+=\w+) maybe?
(?P<data>\w+=\w+)
I am fine with any approach as far as i get my result.
regex as well is fine.
