Sample data:
<167>1 2014-11-15T16:45:44.542-07:00 host.name.com neat 11151 gcm [meta@28281 sequenceId="43096" sysUpTime="858744854"][analytics@28281 event="pushGcm" platform="GCM" outcome="0" errorCode="0" errorDesc="Push to apns success" errorContext="TCP-SSL" operation="PUSH_GCM" opTime="46" startTime="1416095144542" appId="appId" deviceToken="token" args="{\"time\":\"1416095144194\",\"batch\":\"26966\",\"tms_id\":\"tmsid\",\"src\":\"src\"}" txId="907472412"]
I want to extract the args and put it back in its appropriate fields . I know I can use Field Extractions and Field transformations but not working.
Field Transformation
Name:NEAT_BATCH
Rex: batch\\\\\":\\\\\"(?.*?)\\\\\",
Field Extraction
Name:NEAT_BATCH
Hi,
try it with this regular expression for the batch field:
\\\"batch\\":\\"(?<batch>\d+)\\"
Greetings
Tom
Hi,
try it with this regular expression for the batch field:
\\\"batch\\":\\"(?<batch>\d+)\\"
Greetings
Tom
Worked. Thanks Tom. Why does not it work with my regexp . Can you explain
Your regex didn't match. there are way to much "\" symbols in your regex and i think also your group definition "(?.*?)" is syntactically wrong.