I am battling a field extraction. I am trying to get the text extracted from an error message in a log that follows a pattern. Here are a couple of examples of lines in the log:
LOG ERROR:6/6/2014 3:37 PM:Error during accepting socket connection - A blocking operation was interrupted by a call to WSACancelBlockingCall
LOG ERROR:6/5/2014 1:21 PM:NHibernate.dll wasn't found. NHibernate Service Browser and Handler won't be working
I am trying to extract the text after "LOG ERROR:6/6/2014 3:37 PM:". I have tried the following extraction:
(?i)\w+\s+\w+:\d+/\d+/\d+\s+\d+:\d+\s+\w+: (?P
What am I missing? The field extraction fails. I do not know if I have an error in the REGEX or in the general layout of the field extraction.
Try this
"(?i)^(?:[^:]*:){3}(?P<ErrorMessage>.+)"
Updated:
Give this a try
"(?i)^LOG ERROR(?:[^:]*:){3}(?P<ErrorMessage>.+)"
Hi, I have logs with a structure like this:
...... - Start Performance Logging: [txID=12345678910-EJBClient987654321-EJBServer45678910; method=getValue]
How can I extract the EJBServer45678910 - these values from the txID?
I would be grateful for a response, since I have to extract the EJBServerxxxxxx values from my logs.
Please post a new question instead of hijacking an old question.
Do it in 2 parts: a search condition to find all the error events, and then a field extraction to generate the new field.
<mysearch> "LOG ERROR" | rex "(?i)^(?:[^:]*:){3}(?P<ErrorMessage>.+)" | table ErrorMessage
The suggested regex works great. My problem now is that there is another line in the logs that matches the format of the one I want. The data I want contains the text "log error". The data I do NOT want contains the text "log info". Is there a way to modify the regex to exclude the "log info" lines?
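The difference between the two patterns posted in this thread, as an added example that is not part of the original posts: Python's re module accepts the same named-group syntax, so the sketch below runs both patterns over the two sample lines from the question plus a LOG INFO line. The LOG INFO line and the `extract` helper are constructed for illustration.

```python
import re

# The two patterns posted in the answers above, unchanged.
GENERIC = re.compile(r"(?i)^(?:[^:]*:){3}(?P<ErrorMessage>.+)")
ANCHORED = re.compile(r"(?i)^LOG ERROR(?:[^:]*:){3}(?P<ErrorMessage>.+)")

# The first two events come from the question; the LOG INFO event is
# constructed here and deliberately carries a colon inside its message.
EVENTS = [
    "LOG ERROR:6/6/2014 3:37 PM:Error during accepting socket connection - "
    "A blocking operation was interrupted by a call to WSACancelBlockingCall",
    "LOG ERROR:6/5/2014 1:21 PM:NHibernate.dll wasn't found. "
    "NHibernate Service Browser and Handler won't be working",
    "LOG INFO:6/5/2014 1:22 PM:Service started: listening on port 8080",
]


def extract(pattern, events):
    """Return the ErrorMessage value per event, or None where nothing matches."""
    results = []
    for event in events:
        match = pattern.search(event)
        results.append(match.group("ErrorMessage") if match else None)
    return results


if __name__ == "__main__":
    # The generic pattern only counts three colon-terminated segments, so it
    # also extracts from LOG INFO; the anchored one requires the literal
    # "LOG ERROR" prefix and leaves the INFO event without the field.
    for name, pattern in (("generic", GENERIC), ("anchored", ANCHORED)):
        print(name)
        for value in extract(pattern, EVENTS):
            print("   ", value)
```

Because `[^:]*` cannot cross a colon, the third repetition always ends at the colon after "PM", and any later colons stay inside ErrorMessage.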