I have below raw string
03 Mar 2022 10:08:18,188 GMT ERROR [dbdiNotificationService,ServiceManagement] {} - Caught Runtime exception at service dbdiNotificationService java.lang.IllegalArgumentException: No enum constant com.db.fx4capi.Fx4cApiLocal.TradeProcessingStatus.TRADE_STATUS_CANCELLED at java.lang.Enum.valueOf(Enum.java:238) ~[?:1.8.0_311] at com.db.fx4capi.Fx4cApiLocal$TradeProcessingStatus.valueOf(Fx4cApiLocal.java:10) ~[trade-22.1.1-8.jar:?] at com.db.fx4cash.trade.step.GetTradeReferenceAndStatusStep.step(GetTradeReferenceAndStatusStep.java:24) ~[step-22.1.1-8.jar:?] at com.db.servicemanagement.TransactionDispatchService.executeIteration(TransactionDispatchService.java:275) [servicemanagement-22.1.1-8.jar:?] at com.db.servicemanagement.TransactionDispatchService.startDispatch(TransactionDispatchService.java:673) [servicemanagement-22.1.1-8.jar:?] at com.db.servicemanagement.TransactionDispatchService.run(TransactionDispatchService.java:91) [servicemanagement-22.1.1-8.jar:?] at com.db.servicemanagement.ServiceThread.run(ServiceThread.java:36) [servicemanagement-22.1.1-8.jar:?] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_311]
--------------------------------------------------------------------------------------------------------------------------------------
I would like to capture marked in bold.
am using below command but getting partial output.
index=app_events_fx4cash_uk_prod source=*STPManager-servicemanagement.20220303-100818.log*
| rex field=_raw "^[^\-\n]*\-\s+(?P<Error>.+)"
| table Error
my output
Caught Runtime exception at service dbdiNotificationService
but my requirement is i need to capture whole error marked in bold
You should use a code block when post these. Is this just s string or a multiline event?
I any case this should be able to get it:
| rex "[^\-\n]\s+\-\s+(?P<Error>.+)"
Tested in regex101
https://regex101.com/r/xWQ0mj/1
Not working,
however below working for me
rex field=_raw "^[^\-\n]*\-\s+(?P<Error>.$)"