Hello, I have a raw data file from which I am trying to extract data and create a dashboard out of it. From this raw file I am using regex and mvexpand to parse the data for individual vm's and storing that information in a table. Now I want to use the data that is store in the table to extract fields and data from it.  I have regex query to extract particular fields as data. However, I am unable to give the table as an input for to make those regex work.  Splunk query:  index="test_log" source="/var/tmp/logs/test.log" | rex max_match=0 field=_raw "(?<lineData>[^;]+)" | mvexpand lineData | fields lineData | table lineData   Sample raw log file:  VM_NAME: vm1 Process Process Count ProcessTestA 0 ProcessTestB 1; VM_NAME: vm2 Process Process Count ProcessTestA 0 ProcessTestB 3;   Sample Data in table:  VM_NAME: vm1 ProcessTestA 0 ProcessTestB 1 --------------------------------------- VM_NAME: vm2 ProcessTestA 0 ProcessTestB 3   Final Data Needed: VM_NAME vm1 Process  Process Count ProcessTestA 0 ProcessTestB 1       Please suggest how can I do this.  Thank you   ... View more

Hi all, I am trying to extract an IP and the word "HOST_NAME" from a raw log file using the following regex expression:  source="/var/tmp/test.log" | rex field=_raw "(?<HOST_NAME>) \b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b"   Log file: EXEC_ID: HOST_NAME: 172.19.20.60 USER_NAME: test ================================  TestCaseRunner Summary ----------------------------- Time Taken: 13844ms Total TestSuites: 2 Total TestCases: 6 (0 failed) Total TestSteps: 16 Total Request Assertions: 19 Total Failed Assertions: 0 Total Exported Results: 0   The search results are not extracting the HOST_NAME field and the respective IP. Please suggest what should I change.  Thank you    ... View more