Hi guys,
First off I'd like to apologize for the lopsided question as I am kinda unsure of what I was asked to do! Alright, so Im going to post some logs and I need help from you guys to pull out some info from them. I need to pull out the bold text for all three logs, and was wondering if it was possible to put all of it into one search.
I am trying to get EmployeeDocumentsServicesImp.getDocument() also with the Elapsed time.
This should work:
<search that finds all 3 logs> | rex "(?P<service>EmployeeDocumentServicesImp[l]?\.getDocument(?:PDF)?)\(.* Elapsed time:\s+-\s\[(?P<elapsedTime>[\d\.]+)\]" | table service elapsedTime