Hello, I have logs coming in that look like the following:
(Tab between columns)
server1.something.com ApacheLog 0 10.0.0.1
server2.something.com ApacheLog 0 10.0.0.2
server3.something.com GenericLog 0 0 0 0
server4.something.com GenericLog 0 0 0 0
Using the IPs to have Splunk generate a pattern results in this regex:
(?i)^(?:[^\t]*\t){3}(?P<FIELDNAME>[^ ]+)
The IP will be in the same place every time ApacheLog is present, so basically I want my regex to be something like the following, which doesn't work:
^*\t*ApacheLog*\t*\t(?P<FIELDNAME>[^ ]+)
Any assistance would be appreciated.
Thanks,
John
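An added example, not part of the original post: it runs the Splunk-generated pattern from the question and one assumed alternative that requires the literal `ApacheLog` in the second tab-separated column, so the difference on the GenericLog lines is visible. The sample lines are the post's four lines rebuilt with real tabs; `ANCHORED` and `extract` are hypothetical names.

```python
import re

# Constructed sample input: the four lines from the post, with columns
# joined by real tab characters as the post describes.
SAMPLE_LINES = [
    "server1.something.com\tApacheLog\t0\t10.0.0.1",
    "server2.something.com\tApacheLog\t0\t10.0.0.2",
    "server3.something.com\tGenericLog\t0\t0\t0\t0",
    "server4.something.com\tGenericLog\t0\t0\t0\t0",
]

# Pattern quoted in the post: skips three tab-terminated columns and then
# captures everything up to the next space, whatever the log type is.
GENERATED = re.compile(r"(?i)^(?:[^\t]*\t){3}(?P<FIELDNAME>[^ ]+)")

# Assumed alternative (not from the post): column 1 is any run of non-tab
# characters, column 2 must be exactly "ApacheLog", column 3 is skipped,
# and column 4 is captured up to the next tab or end of line.
ANCHORED = re.compile(r"^[^\t]*\tApacheLog\t[^\t]*\t(?P<FIELDNAME>[^\t]+)")


def extract(pattern, lines):
    """Return the FIELDNAME capture for each line, or None when no match."""
    results = []
    for line in lines:
        match = pattern.search(line)
        results.append(match.group("FIELDNAME") if match else None)
    return results


if __name__ == "__main__":
    for name, pattern in (("generated", GENERATED), ("anchored", ANCHORED)):
        print(name)
        for line, value in zip(SAMPLE_LINES, extract(pattern, SAMPLE_LINES)):
            print(f"  {line.split(chr(9))[0]:24} -> {value!r}")
```

The generated pattern also matches the GenericLog lines and, because `[^ ]+` stops only at a space, its capture runs across the remaining tab-separated columns; the anchored pattern returns no match for those lines.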