Solved: Rex to get data between curly brackets

bsaujla131984 · ‎03-13-2020

I am struggling to fetch the data between curly brackets . Have tried multiple rex searches, however still not getting the required output :-

Message in log is as below:

msg=Call to https://hostname/rs/cf/webservice/user/authn failed. Status code: 401, response: {"statusCode":"Code","message":"Authentication failed"}|exception=|

I want to everything after response till exception.

Can anyone help with this please?

woodcock · ‎03-13-2020

Like this:

... | rex "(?ms)response:\s*(?<MyNewField>\{[^\}]+\})"

woodcock · ‎03-13-2020

Like this:

... | rex "(?ms)response:\s*(?<MyNewField>\{[^\}]+\})"

bsaujla131984 · ‎03-13-2020

Thanks Woodock. This was really quick response.

May I know the purpose of (?ms) ?

woodcock · ‎03-13-2020

In case your raw event data is multi-line. You probably do not need it.

Rex to get data between curly brackets