About av

av · ‎09-02-2020

I was able to make it work with following regex xx[^\$]+?score\"\>(\S+)\<

av · ‎08-31-2020

@harsmarvania57 Tried your suggestion, but same result using direct regex in field extraction. Not sure what am I missing.

av · ‎08-28-2020

I am trying to extract a field using field transformation. My event contains a XML. Partial snippet given below - <Name>/xx</Name> <Id>HASPR00100</Id> <Class>B</Class> <Confidence>0.8957</Confidence> <Notes> <Note> <Key name="note">[CDATA[{"target": "corp", "precision": 0.365, "recall": 0.553, "fnr": 0.447, "fpr": 0.0273, "confidence": {"A": 0.0, "B": 0.8957}}]]</Key> <Key name="score">0.0271</Key> I am trying to capture the "score" value 0.0271 in a field. I tried to create a field transformation using regex below - \<Name\>\/xx\<\/Name\>\n.+\n.+\n.+\n.+\n.+\n.+\n.+\<Key name\=\"score\"\>(\S+)\<\/Key\> But that does not work. If I use the same expression in rex I am able to extract the field. index=a ... | rex "\<Name\>\/xx\<\/Name\>\n.+\n.+\n.+\n.+\n.+\n.+\n.+\<Key name\=\"score\"\>(?<sc>.*)\<\/Key\>" Am i missing something? Or is there any better way to do this? Thanks.

Posts	5
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎08-28-2020

Online Status	Offline
Date Last Visited	‎09-03-2020 03:00 AM

Field transformation does not work but rex does wi...

Re: Field transformation does not work but rex doe...

Re: Field transformation does not work but rex doe...

Field transformation does not work but rex does wi...

Join the Conversation

Field transformation does not work but rex does wi...

Re: Field transformation does not work but rex doe...

Re: Field transformation does not work but rex doe...

Field transformation does not work but rex does wi...