Solved: How do I extract the following fields using the re...

maheshsat · ‎11-14-2018

I want to extract Balance (Entered)="10008.1311701944" and Balance (Functional)="11648.1319999944" fields from below logs

Log:

GL Test="000000", GL Test2="0000", Balance Type="Debit", Balance (Entered)="10008.1311701944", Balance (Functional)="11648.1311701944"

Command:

index=test sourcetype="test" | rex field=_raw ".*\w+\s+\w+\=\"\d+\.\d+\"\s+[?\w+\s+\w+\"\d+\"\,\s+\w+]\s+\w+.*"

burwell · ‎11-14-2018

Hello.

How about

<your search...> | rex "Balance \(Entered\)=\"(?<balance_entered>[^\"]+).+Balance \(Functional\)\=\"(?<balance_functional>[^\"]+)"

By the way I used the website regex101.com to debug this

burwell · ‎11-14-2018

Hello.

How about

<your search...> | rex "Balance \(Entered\)=\"(?<balance_entered>[^\"]+).+Balance \(Functional\)\=\"(?<balance_functional>[^\"]+)"

By the way I used the website regex101.com to debug this

How do I extract the following fields using the rex command?