Solved: Re: How to extract an unescaped value?

yk010123 · ‎04-06-2022

I have the following data :

query="select field from table where (status!="Y") and ids.id IN ["123","145"] limit 500" params="{}"

How can I extract the field query ignoring the special characters?

My query .... | table query params Is cut off when it reaches the status field.

How can I extract everything regardless of the special characters?

Is there any recommended format that I should change my logs to make them easier to parse?

mayurr98 · ‎04-06-2022

is this what you are looking for?

<your search> | rex field=_raw "query=\"(?<query>.*)\"\s+params=\"(?<params>[^\"]+)" | table query params

if not, then please give us some input examples and the expected output you are looking for.

mayurr98 · ‎04-06-2022

is this what you are looking for?

<your search> | rex field=_raw "query=\"(?<query>.*)\"\s+params=\"(?<params>[^\"]+)" | table query params

if not, then please give us some input examples and the expected output you are looking for.

How to extract an unescaped value?