Hi everyone, i have a logs vpn format 2023-06-21T03:29:16+0000 [stdout#info] LOG ERR: 'LOG_DB RECORD {"username": "duocnv", "common_name": "duocnv", "start_time": 1687312988, "session_id": "aa2d4wW6GaPydjA4", "service": "VPN", "proto": "UDP", "port": "1194", "active": 1, "auth": 1, "version": "3.6.7", "gui_version": "OCmacOS_3.4.2-4547", "platform": "mac", "bytes_in": 1448266, "bytes_out": 15124146, "bytes_total": 16572412, "vpn_ip": "172.27.20.2", "duration": 5168, "node": "ip-10-250-101-154.ap-southeast-1.compute.internal", "timestamp": 1687318156}' i used rex to extract field "vpn_ip" : index=openvpnas | rex field=_raw ".*\s"vpn_ip":\s*"(?<vpn_ip>[^"]+)" But it show error Error in 'SearchParser': Missing a search command before '^'. Error at position '96' of search query 'search index=openvpnas | search LOG_DB RECORD | re...{snipped} {errorcontext = ublic_ip>[^"]+)"}'. Can anyone help me
... View more