Solved: rex command to extract

sphiwee · ‎07-07-2020

[2020-07-07 12:40:01+0200] workspace_sandbox RUNNING pid 17159, uptime 21 days, 21:43:58

i have this line of log but i want to extract only workspace_sandbox as a field called Services

im using rex "(^(?<Service>\s\s\w+.\w+))\s\s" but having no luck.

Also want to extract "Running" as status

gcusello · ‎07-07-2020

please, try this

| rex "\]\s+(?<service>[^ ]+)\s+(?<status>[^ ]+)"

Ciao.

Giuseppe

to4kawa · ‎07-07-2020

| rex "\]\s(?<Service>\S+) (?<status>\S+)"

sphiwee · ‎07-07-2020

This is what i get, dont think it has to be like this.. any ideas?

gcusello · ‎07-07-2020

please, try this

| rex "\]\s+(?<service>[^ ]+)\s+(?<status>[^ ]+)"

Ciao.

Giuseppe

sphiwee · ‎07-07-2020

thanks, you're a legend.

gcusello · ‎07-07-2020

You're welcome!

Karma Points are appreciated.

Ciao.

Giuseppe

rex command to extract