Solved: How come the rex command is not working like norma...

jmorri6 · ‎03-05-2019

Given a string:

(path=/myPath/123/endpoint,method=GET,accept=text/plain;version=0.0.4;q=1,*/*;q=0.1,content-type=null,accept-encoding=gzip,totalTime=127),

I want to retrieve the value for "path" and "totalTime" to create a visualization.

The rex...

rex field=log "path=(?< endpoint>\/\w+),totalTime=(?< milliseconds>\d+)"

...doesn't produce any results. I've tried several variations. Can anyone help with this rex?

It doesn't produce any results.

renjith_nair · ‎03-05-2019

@jmorri6

Try

path=(?<endpoint>[\/\w\d]+).+totalTime=(?<milliseconds>\d+)

---
What goes around comes around. If it helps, hit it with Karma 🙂

tsaikumar009 · ‎03-05-2019

rex "path=(?P< endPoint>.*?)," | rex "totalTime=(?P< milliseconds>\d+)"

add these rex to your query to get the results.

renjith_nair · ‎03-05-2019

@jmorri6

Try

path=(?<endpoint>[\/\w\d]+).+totalTime=(?<milliseconds>\d+)

---
What goes around comes around. If it helps, hit it with Karma 🙂

How come the rex command is not working like normal regex?