In few logs I can see escape character is also printed. My rex is working fine when i am testing it on regex101.com but when i use the same in Splunk Search, its throwing error. I tried different combination by putting quotes but then different error comes.
Regex: https://regex101.com/r/Nm32kd/2
Splunk error:
@gcuselloThanks for your reply. Its not throwing error now though not extracting eligibiltyStatus field as well.
Hi @MrIncredible,
please try this regex:
| rex "eligibiltyStatus\\\": \\\"(?<eligibiltystatus>[^\\]+)"
Ciao.
Giuseppe
error:
and if i did some changes (marked in yellow) in regex, not getting error but also not getting desired result:
Hi @MrIncredible,
try to add another backslash to your regex in Splunk:
| rex "eligibiltyStatus\\\": \\\"(?<eligibiltystatus>.*?)\\\"\,\\n"
ciao.
Giuseppe