I have the following log:

2021-08-03T14:12:40,872 th=foo cl=bla p=INFO {"tag":"bla","goo":"SPA","msg":{"dir":"in","correlation":"2035456876870723587526","pack":"ebcdic","0":"1234","3":"001234","4":"000000001234","6":"000000001234","7":"0803141240","11":"521464","41":"51400055","47":"ERT0001234000\\ARDABABDGDG\\GRE1234\\VTE01123400824\\GDE00\\SSER\\Ort612348\\Ort072\\rtI0\\","49":"124","61":"12340000004"}}

I would like to extract the two fields in RED and Pink and rename field to Co

The fields in BOLD GREEN will be key and must be present, the rest might or might not.

This is what I got so far:

index=bla | rex \"47\":\"*ARD(?<CODA>.{4})

However, this is not working and the field is not getting populated.

Thank you