I have a log file where the last field contains space separated values and I would like to create a table containing the value of this last field, that is, the substring starting after myField= and ending at the end of the line.
An example log file would look like:
timestamp=2322 foo=bar myField=Hello pretty world
timestamp=2323 foo=joe myField=Good by moon
My desired result would be
Hello pretty world
Good by moon
I tried, unsuccessfully: | regex myField="$" as mySentence | table mySentence
You should be using the rex command to capture/extract fields. Try like this:
your base search | rex "myField=(?<mySentence>.*)$" | table mySentence
Thanks for your answer! It works well except if mySentence does not start with an alphanumerical character, do you have any idea why that is, since . should match against any character?
myField=RT @UMich: You can watch the panel
Would be an example where I only get RT stored in mySentence
Can you provide an example? . would indeed match any character.
Can you please post your sample log line and what you are trying to extract from that log line? We can help thereafter.
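The rex pattern from the answer, exercised in Python over the sample lines from this thread (an added example, not part of the original posts). The fourth event, the whitespace-delimited tokenizer used for contrast, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample events in the format shown in the question and comment.
SAMPLE_EVENTS = [
    "timestamp=2322 foo=bar myField=Hello pretty world",
    "timestamp=2323 foo=joe myField=Good by moon",
    "timestamp=2324 foo=ann myField=RT @UMich: You can watch the panel",
    "timestamp=2325 foo=bob",  # constructed: event without myField
]

# Same pattern as the rex in the answer; Python spells the named
# group (?P<name>...) where the rex command uses (?<name>...).
REX = re.compile(r"myField=(?P<mySentence>.*)$")

# Contrast case (assumption): a generic key=value tokenizer in which
# an unquoted value ends at the first whitespace character.
KV = re.compile(r"(\w+)=(\S*)")


def extract_sentence(event):
    """Return everything after myField= up to end of line, or None."""
    match = REX.search(event)
    return match.group("mySentence") if match else None


def whitespace_kv(event):
    """Parse key=value pairs, cutting each value at whitespace."""
    return dict(KV.findall(event))


def sentences(events):
    """Collect the extracted value for every event that has the field."""
    return [s for s in map(extract_sentence, events) if s is not None]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        naive = whitespace_kv(ev).get("myField")
        print(f"whitespace-delimited: {naive!r:10} anchored regex: {extract_sentence(ev)!r}")
```
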