Solved: Help removing strings after a certain string with ...

harshparikhxlrd · ‎10-31-2019

I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3" appearing after. I only want a 3 to be displayed.

I only want the 3 to show up from "number of supervisor reminder memos sent:" and I want everything after the 3 to remove.

woodcock · ‎10-31-2019

If you would like to get 3 characters, use this:

... | rex "Number of supervisor reminder memos sent:\s*(?<ex>.{3}?)

If you would like to get all characters up to the first character 3, use this:

... | rex "Number of supervisor reminder memos sent:\s*(?<ex>[^3]+?)

View solution in original post

woodcock · ‎10-31-2019

If you would like to get 3 characters, use this:

... | rex "Number of supervisor reminder memos sent:\s*(?<ex>.{3}?)

If you would like to get all characters up to the first character 3, use this:

... | rex "Number of supervisor reminder memos sent:\s*(?<ex>[^3]+?)

nplamondon · ‎10-31-2019

It looks like your post got truncated; I don't see the complete event or your results.

Help removing strings after a certain string with Rex

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update