Yeah, so you can use a rex command to first to make a field that contains only the recipient of interest. For example a regex that extracts
{"...","..","recipient0":"01234567","recipient1":"09877543","recipient2":"151617189",....,"recipient8":"41790042325","IP":1.1.1.1","..."}
out of
...|{ other log data with recipients in it}|{"...","..","recipient0":"01234567","recipient1":"09877543","recipient2":"151617189",....,"recipient8":"41790042325","IP":1.1.1.1","..."}|{ more log data with recipients in it}|...|
and then use the rex from my first anwer only on this field.
"would it be good to change the regex so it does only match 1 diggit after "recipient" -> It already does only match one digit after recipients, since i only used \d and not \d+ or \d*, where \d stands for a single digit.
... View more