Somesoni2, I am trying to test this search inline. Can you help with the direct search not in .conf propl
I would want to generate an alert based on the appearance of CC numbers in logs. I was trying this:
index="myIndex"
| rex "(?<possible_cc_number>(\d{4}[-|\s]){3}\d{4})"
| search possible_cc_number=*
| table _time possible_cc_number _raw
So the events are showing numbers; how do I use regex and formatting in the same inline search?
Thanks.