Hi Team, I have below row logs: 2023-08-30 07:43:29.000 [INFO ] [Thread-18] StatisticBalancer - statisticData: StatisticData [selectedDataSet=13283520, rejectedDataSet=0, totalOutputRecords=20670402, totalInputRecords=0, fileSequenceNum=9226, fileHeaderBusDt=08/29/2023, busDt=08/29/2023, fileName=TRIM.UNB.D082923.T045920] 2023-08-30 05:36:30.678 [INFO ] [Thread-19] StatisticBalancer - statisticData: StatisticData [selectedDataSet=27, rejectedDataSet=0, totalOutputRecords=27, totalInputRecords=0, fileSequenceNum=6395, fileHeaderBusDt=08/29/2023, busDt=08/29/2023, fileName=TRIM.CNX.D082923.T052656] I want to fetch records only for highlighted file not for other files but I am getting for both the files. My current query: index="600000304_d_gridgain_idx*" sourcetype =$Regions$ source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "StatisticBalancer - statisticData: StatisticData"
|rex "totalOutputRecords=(?<totalOutputRecords>),busDt=(?<busDt>),fileName=(?<fileName>),totalAchCurrOutstBalAmt=(?<totalAchCurrOutstBalAmt>),totalAchBalLastStmtAmt=(?<totalAchBalLastStmtAmt>),totalClosingBal=(?<totalClosingBal>),totalRecordsWritten=(?<totalRecordsWritten>),totalRecords=(?<totalRecords>)"
|table busDt fileName totalAchCurrOutstBalAmt totalAchBalLastStmtAmt totalClosingBal totalRecordsWritten totalRecords
... View more