Hi,
I have two below field[rstatus] values extracted from events
response.status = 200 response.status = 404
Can you share the regex to extract number[i.e 200 or 404 alone ] from above string.
Hello
try this regex:
...| rex field="rstatus" "response\.status\s\=\s(?<yourfield>\d+)" | ...
Regards
View solution in original post
Thanks a lot.. above solution is worked...
