Hi,
I have the below type of logs:
log1: Mon Feb 8 02:57:36 EST 2021 41% /logs
log2: Mon Feb 8 02:57:36 EST 2021 73% /opt
log3: Mon Feb 8 02:57:36 EST 2021 69% /var
log4: Mon Feb 8 02:57:36 EST 2021 48% /apps
I want to create a table as below:
File_System Disk_Usage
\logs 41
\opt 73
\var 69
\apps 48
Here I want to extract the "Disk_Usage" and "File_System" fields with the respective values. This might be a very silly question but I might be missing out something while creating the rex command. So please help me create the rex command. you kind support will be highly appreciated.
Thank you.
hi @Mrig342,
Try this,
| makeresults
| eval _raw=" _raw
Mon Feb 8 02:57:36 EST 2021 41% /logs
Mon Feb 8 02:57:36 EST 2021 73% /opt
Mon Feb 8 02:57:36 EST 2021 69% /var
Mon Feb 8 02:57:36 EST 2021 48% /apps"
| multikv forceheader=1
| rex "\s(?<Disk_Usage>\d+)\%\s\/(?<File_System>\w+)"
| table File_System, Disk_Usage
If this reply helps you, an upvote/like would be appreciated.
hi @Mrig342,
Try this,
| makeresults
| eval _raw=" _raw
Mon Feb 8 02:57:36 EST 2021 41% /logs
Mon Feb 8 02:57:36 EST 2021 73% /opt
Mon Feb 8 02:57:36 EST 2021 69% /var
Mon Feb 8 02:57:36 EST 2021 48% /apps"
| multikv forceheader=1
| rex "\s(?<Disk_Usage>\d+)\%\s\/(?<File_System>\w+)"
| table File_System, Disk_Usage
If this reply helps you, an upvote/like would be appreciated.
Thank you very much @manjunathmeti.