Solved: How to create a table?

minpd0309 · ‎12-11-2022

HI, I want to make the log below in the form of the table below. What should I do with the spl?

[log ex]

14:39:19.857 INF [md_system_user] remove success [user id:kimkimkim] by [id:tom]

[table]

user id	id
kimkimkim	tom

gcusello · ‎12-12-2022

you have to extract (using a regex) the fields and then run something like this:

index=your_index
| rex "\[user id:(?<user_id>\w+)\]\s+by\s+\[id:(?<id>\w+)"
| table user_id id

Ciao.

Giuseppe

gcusello · ‎12-12-2022

you have to extract (using a regex) the fields and then run something like this:

index=your_index
| rex "\[user id:(?<user_id>\w+)\]\s+by\s+\[id:(?<id>\w+)"
| table user_id id

Ciao.

Giuseppe

How to create a table?