Hi @manjunathmeti @ITWhisperer, thank you for your quick reply. I have a follow-up question, as I intend to use a capture group to gather errors. My existing search is something like the below:
index=* "IOError" OR "file does not exist" |
rex field=_raw max_match=1 "IOError:(?<IO_ERROR>.*)" |
rex field=_raw max_match=1 "MESSAGE=(?<FILE_ERROR>file does not exist[^\d|]+)" |
... | eval ERROR_LOG = coalesce(IO_ERROR,FILE_ERROR...)
Can I incorporate the sed mode in this type of capture group, or is there any other way?