Solved: Rex formatting trouble

MikeB · ‎10-06-2021

Hello again Spelunkers!

So I have data that looks like this:

assessment=normal [1.0]
assessment=normal [1.1]
assessment=suspect [0.75]
assessment=suspect [0.88]
assessment=bad [0.467]

I want a table column named rating that takes the "normal," "suspect," "bad" without the [###] after it. So I wrote the below thinking I can name the column rating and then capture any alpha characters and terminate at the white space between the word value and the [###] value. What would be the correct way of writing this? Thank you in advance!

| rex field=raw_ "assessment=(?<rating>/\w/\s)"

danielcj · ‎10-06-2021

Hi,

Please, try the following:

| rex field=_raw "assessment=(?<rating>\S+)"

View solution in original post

danielcj · ‎10-06-2021

Hi,

Please, try the following:

| rex field=_raw "assessment=(?<rating>\S+)"

MikeB · ‎10-07-2021

Thank you! This worked perfectly.

Rex formatting trouble

rex

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

Rex formatting trouble

rex

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+