How to write regex to extract this line in this ve...

lsy9891 · ‎09-11-2019

Hi, I have a field called message:

Message="Fault bucket , type 0
Event Name: ServiceHang
Response: Not available
Cab Id: 0

Problem signature:
P1: MonsterWindowsService
P2: Monster.Services.Windows.ServiceBase.exe
P3: 2019.15.0.12
P4: 10
P5: 2
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: f9938371-b8d1-11e9-8f94-00505682bfbe
Report Status: 0"

And I'm trying to extract the line in bold? Is this possible or is there an easier way other than to write the regex?

MuS · ‎09-11-2019

Hi lsy9891,

try this:

| makeresults 
| eval Message="Fault bucket , type 0
Event Name: ServiceHang
Response: Not available
Cab Id: 0

Problem signature:
P1: MonsterWindowsService
P2: Monster.Services.Windows.ServiceBase.exe
P3: 2019.15.0.12
P4: 10
P5: 2
P6: 
P7: 
P8: 
P9: 
P10:

Attached files:

These files may be available here:


Analysis symbol: 
Rechecking for solution: 0
Report Id: f9938371-b8d1-11e9-8f94-00505682bfbe
Report Status: 0" 
| rex field="Message" "P1: (?<my_P1_field>.+)"

The field called my_P1_field will contain MonsterWindowsService.

Hope this helps ...

cheers, MuS

How to write regex to extract this line in this very long field?