<37>Aug 27 10:52:59 DC1TPSMS02 CEF:0|TippingPoint|UnityOne|1.0.0.17|7611|Suspicious Country Blacklist|1|app=IP cnt=1 dst=192.54.112.30 dpt=53 act=Block cn1=0 cn1Label=VLAN ID cn2=33554431 cn2Label=Taxonomy cn3=0
From the above data I want to extract the line below:
Aug 27 10:52:59 DC1TPSMS02 CEF:0|TippingPoint
Hi @vikram1583,
Please see the screenshot below of my and @jpolvino's rexes; see the author field in the first query and the extract field in the second query.
Where are you checking for these fields after you run your rex? Please hardcode first and confirm that the author or extract field output is what you need.
Hi @vikram1583,
Both solutions given by me and @jpolvino work.
Have you tried the makeresults one? Use it as it is. Can you paste the screenshot of your output?
There is no way the makeresults won't work - I have hardcoded the text. Please run the code and give us a snapshot of the statistics tab output.
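An added example, not taken from any post in this thread: a self-contained search that hardcodes the event from the question with makeresults and uses rex to capture the requested prefix (timestamp, host, CEF version and vendor) into `extract`, skipping the optional syslog priority. The regex and the `syslog_pri` field name are assumptions of this example, not the posters' queries.

```spl
| makeresults
| eval _raw="<37>Aug 27 10:52:59 DC1TPSMS02 CEF:0|TippingPoint|UnityOne|1.0.0.17|7611|Suspicious Country Blacklist|1|app=IP cnt=1 dst=192.54.112.30 dpt=53 act=Block cn1=0 cn1Label=VLAN ID cn2=33554431 cn2Label=Taxonomy cn3=0"
| rex field=_raw "^(?:<(?<syslog_pri>\d+)>)?(?<extract>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s\S+\sCEF:\d+\|[^|]+)"
| table syslog_pri extract
```

The `[^|]+` stops at the first pipe after the vendor, so a vendor name containing an escaped pipe (`\|`) would be cut short. The `\s+` after the month also accepts the double space syslog uses for single-digit days.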