I have an event with the field SRT and value as show below.
SRT="0|0|NA1|FB1|FE2|FE0|FR1|IR2|FE3|FR1|IR3|FD1|ID21|FE1|IE2|IE2|FE1|IE3|FE3|IE4|IB2|FE2|FE1|FE1|UD1|FE1|FE0|UE1|FH0|IH1|UB2|UG1|UG0|UG1"
I want to extract new fields with values by the first two letters.
Example:
NA=1
FB=1
FE=2 FE=0 FE=3
FR=1FR=1
IR=2 IR=3
FD=1
ID=21
FE=1
IE=2
etc...
Using the max_match with the rex command will do what needs to be done..
| rex field=SRT "FH(?d+)" max_match=10
Using the max_match with the rex command will do what needs to be done..
| rex field=SRT "FH(?d+)" max_match=10
Using rex would just grab one of the matches i require. For example:
| rex field=SRT "FH(?