Solved: How to use regex to extract field?

kiran331 · ‎07-26-2017

HI How to extract the field with space using regex?

name:
T11345DDF ERROR
T11345SSDF Volume C

values:
123455-25335535-55454545-5656566-45655-36565656-6656-488656 TPM

I need to extract T11345DDF , T11345SSDF , 123455-25335535-55454545-5656566-45655-36565656-6656-488656

gokadroid · ‎07-26-2017

Let's say that it is always the first word in each event line then can you try this please:

your query to return events
| rex "^(?<myField>[^\s]+)\s*"
| table myField

See extraction here

rbreton · ‎07-27-2017

If you need more flexibility you might need to create fields extractions. If it was me, I would create 3 separate field extractions.

- (?P<error>.*?)\sERROR
- (?P<volume>.*?)\sVolume
- (?P<tpm>.*?)\sTPM

gokadroid · ‎07-26-2017

Let's say that it is always the first word in each event line then can you try this please:

your query to return events
| rex "^(?<myField>[^\s]+)\s*"
| table myField

See extraction here

kiran331 · ‎07-26-2017

Thanks gokadroid.

How to use regex to extract field?