{ [-]
logger: org.mule.runtime.core.internal.processor.LoggerMessageProcessor
message: Received update request IL_Customer. Size of array: 1
properties: { [-]
correlationId: 4b910aaf-d316-4594-8eda-c56e861499d3
I want to extract the IL_customer and array size from the above log. What will be the regular expression.
Thanks in Advance
The values OP is seeking is in the field message. (From the illustration in OP, the event is JSON - but it is best to illustrate with raw text, not a copy from Splunk's formatted event view.) So
| rex field=message "Received update request (?<IL_Customer>[^\.]+)\. Size of array: (?<ArraySize>\d+)"
(Also slightly more efficient because the regex engine would be scanning smaller strings.)
There's probably a JSON-ic way to do that (assuming the event is pure JSON), but rex can handle a few fields nicely.
Assuming the order of fields is fixed, this regex should do it.
| rex "Received update request (?<IL_Customer>[^\.]+)\. Size of array: (?<ArraySize>\d+)"
The values OP is seeking is in the field message. (From the illustration in OP, the event is JSON - but it is best to illustrate with raw text, not a copy from Splunk's formatted event view.) So
| rex field=message "Received update request (?<IL_Customer>[^\.]+)\. Size of array: (?<ArraySize>\d+)"
(Also slightly more efficient because the regex engine would be scanning smaller strings.)