I have log data and have a correct regex to extract data, which I confirmed works. However, the named field shows no data.
Sample log line
Dec 25 22:31:03 10.11.38.110 1 2018-12-26T22:27:08.000+01:00 SRV001 Logger1 - - - [ Category = GrpMgmt ] [ SOURCE = srv002 ] [ GROUP_TYPE = Security ] [ GROUP_SCOPE = dom01 ] [ PRIVILEGES = - ] [ ACCOUNT_NAME = Global_GRP ] [ ACCOUNT_DOMAIN = dom01 ] [ CALLER_USER_NAME = svcUsr ] [ CALLER_USER_DOMAIN = dom01 ] [ MEMBER_NAME = CN=usr001,OU=Users,DC=dom01,DC=org ] [ EVENT_NUMBER = 4728 ] [ ATTRIBUTES_OLD_VALUE = null ]
I want to extract the value of Member_Name to a variable, e.g. MN. I have the following regex:
rex _raw=".* \[ MEMBER_NAME \= (?P<MN>.+) \]\s+\[ EVENT_NUMBER"
When I use the above regex, I get the search results. However, the field MN is always empty — any hints that I am missing anything?
Thanks
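An added example, not part of the original post: the pattern from the question checked outside Splunk against the sample event, using Python's `re` module, which accepts the same `(?P<name>...)` syntax. It also goes beyond the single field and parses every `[ KEY = value ]` pair; the field grammar in `FIELD_RE` and the function names are assumptions made for this example.

```python
import re

# Sample event copied verbatim from the post.
SAMPLE = (
    "Dec 25 22:31:03 10.11.38.110 1 2018-12-26T22:27:08.000+01:00 SRV001 Logger1 - - - "
    "[ Category = GrpMgmt ] [ SOURCE = srv002 ] [ GROUP_TYPE = Security ] "
    "[ GROUP_SCOPE = dom01 ] [ PRIVILEGES = - ] [ ACCOUNT_NAME = Global_GRP ] "
    "[ ACCOUNT_DOMAIN = dom01 ] [ CALLER_USER_NAME = svcUsr ] "
    "[ CALLER_USER_DOMAIN = dom01 ] [ MEMBER_NAME = CN=usr001,OU=Users,DC=dom01,DC=org ] "
    "[ EVENT_NUMBER = 4728 ] [ ATTRIBUTES_OLD_VALUE = null ]"
)

# The pattern from the post, with the capture group named MN.
MEMBER_RE = re.compile(r".* \[ MEMBER_NAME \= (?P<MN>.+) \]\s+\[ EVENT_NUMBER")

# Assumed grammar: each field is "[ KEY = value ]", and a value ends at the
# " ]" that is followed by the next "[ KEY = " or by the end of the event.
# The lookahead keeps a value containing " ] " from being cut short.
FIELD_RE = re.compile(
    r"\[ (?P<key>[A-Za-z_]+) = (?P<value>.*?) \](?=\s*(?:\[ [A-Za-z_]+ = |$))"
)


def extract_member(event):
    """Return the MN capture, or None when the event has no MEMBER_NAME field."""
    match = MEMBER_RE.search(event)
    return match.group("MN") if match else None


def parse_fields(event):
    """Return every bracketed KEY = value pair of the event as a dict."""
    return {m.group("key"): m.group("value") for m in FIELD_RE.finditer(event)}


if __name__ == "__main__":
    print("MN =", extract_member(SAMPLE))
    for key, value in parse_fields(SAMPLE).items():
        print(f"{key:22} {value}")
```
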