I have a field log-sshd like this:
log-sshd="Apr 5 xx:xx:xx serverhost sshd[xxxx]: Failed password for user xxx from xx.xx.xxx.xx port xxxx ssh2"
What is the SPL search if I just wanna get the word that I bolded?
| rex "\]:(?<message>.*)"
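The pattern from the answer, run offline against sshd lines in Python (an added example, not part of the original thread). Python's `re` spells the named group `(?P<message>...)`; the sample lines, the follow-up `FAILED_RE` pattern and the helper names are assumptions made for illustration.

```python
import re
from collections import Counter

# Same pattern as the rex in the answer; Python's re writes the group as (?P<name>...).
MESSAGE_RE = re.compile(r"\]:(?P<message>.*)")

# Assumed follow-up pattern (not from the thread) for the "Failed password" message.
FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

# Constructed sample values of the log-sshd field (documentation IP ranges).
SAMPLE = [
    "Apr 5 10:15:02 serverhost sshd[2211]: Failed password for root from 203.0.113.7 port 51514 ssh2",
    "Apr 5 10:15:09 serverhost sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 51520 ssh2",
    "Apr 5 10:16:40 serverhost sshd[2230]: Accepted password for alice from 198.51.100.23 port 40022 ssh2",
    "Apr 5 10:17:00 serverhost kernel: line without a pid bracket",
]


def extract_message(line):
    """Return the text after the first ']:' or None when the line has no match."""
    m = MESSAGE_RE.search(line)
    # The capture starts right after the colon, so it carries a leading space.
    return m.group("message").strip() if m else None


def parse_failed(line):
    """Return (user, src, port) for a failed-password line, else None."""
    message = extract_message(line)
    m = FAILED_RE.match(message) if message else None
    return (m.group("user"), m.group("src"), int(m.group("port"))) if m else None


def failures_by_source(lines):
    """Count failed-password events per source address."""
    return Counter(p[1] for p in map(parse_failed, lines) if p)


if __name__ == "__main__":
    for line in SAMPLE:
        print(repr(extract_message(line)), parse_failed(line))
    print(failures_by_source(SAMPLE))
```

In Splunk, rex matches against _raw unless a field= argument names another field, so the search in the answer relies on the sshd line also being present in _raw.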
Thanks