Below is my raw log
[08/28/2024 08:14:50] Current Device Info ... ****************************************************************************** Current Mode: Skull Teams Current Device name: xxxxx Crestron Package Environment version :1.00.00.004 Crestron Package Firmware version :1.17.00.040 Crestron Package Flex-Hub version :1.3.0127.00204 Crestron Package HD-CONV-USB-200 version :009.051
I want extract only : Crestron Package Firmware version :xx.xx.xxx
I wrote a query like bleow , but not working , pls help
index=123 sourcetype = teams
| search "Crestron Package Firmware version :"
| rex field=_raw ":\s+(?<CCSFirmware>.*?)$"
| eval Time(utc)=strftime(_time, "%y-%m-%d %H:%M:%S")
| table host Time(utc) CCSFirmware
