For example:
These are some parts of my logs:
sender= xyz(receiver=a, receiver =b)
sender= abc(receiver=a,receiver =d)
sender=xyz(receiver=a)
....more entries
And the result should be something like:
sender=xyz receiver=a
sender=xyz receiver=b
sender=abc receiver=c
sender=abc receiver=d
And I am using a remote button as input.
So whenever I give input of receiver=a,
it should give me a table like:
sender = abc. 1
sender= xyz 2
Need help writing the query! 😞
Hi @Dhruvi,
try something like this:
This is the first:
Your_search
| rex field=sender "^(?<my_sender>[^\(]*)"
| rex max_match=10 field=sender "receiver\s*\=(?<receiver>\w*)"
| mvexpand receiver
| table my_sender receiver
This is the second:
Your_search
| rex field=sender "^(?<my_sender>[^\(]*)"
| rex max_match=10 field=sender "receiver\s*\=(?<receiver>\w*)"
| mvexpand receiver
| stats count BY receiver
Ciao.
Giuseppe
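A self-contained version of the approach in the answer, added here as an example and not part of either post: it builds the three log lines from the question with makeresults (constructed sample data in a hypothetical field named sample_line, so rex reads that field instead of sender), expands one row per sender/receiver pair, then filters on one receiver and counts by sender.

```spl
| makeresults
| eval sample_line=split("sender= xyz(receiver=a, receiver =b)|sender= abc(receiver=a,receiver =d)|sender=xyz(receiver=a)", "|")
| mvexpand sample_line
| rex field=sample_line "^sender\s*=\s*(?<my_sender>[^\(\s]+)"
| rex max_match=10 field=sample_line "receiver\s*=\s*(?<receiver>\w+)"
| mvexpand receiver
| search receiver="a"
| stats count BY my_sender
```

On the sample lines this returns abc with a count of 1 and xyz with a count of 2. In a dashboard, the literal "a" would be replaced by the token of the input control; that token's name depends on how the input is defined.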