Hi i have an event
Filename : 1.htm Content Type : text/html; charset=utf-8
how can i extract the (1.htm only) i tried ending the string with space but the regex still give me (1.htm Content Type : text/html; charset=utf-8)
1.htm
1.htm Content Type : text/html; charset=utf-8
sorry new to regex
Hi
... | rex "(?m)Filename\s+:\s+(?<file_name)[^\r\n]+)"
Should work. If you're happy, then you can put it in props.conf to make it more permanent;
[your_sourcetype] EXTRACT-blah = (?m)Filename\s+:\s+(?<file_name)[^\r\n]+)
...well what's the regex you're using?
