I Have used the below two events to test the SOURCE_KEY = <132>1 2023-12-24T09:48:05+00:00 DCSECIDKOASV02 ikeyserver 8244 - [meta sequenceId="2850227"] {Warning}, {RADIUS}, {W-006001}, {An invalid RADIUS packet has been received.}, {0x0C744774DF59FC530462C92D2781B102}, {Source Location:10.240.86.6:1812 (Authentication)}, {Client Location:10.240.86.18:42923}, {Reason:The packet is smaller than minimum size allowed for RADIUS}, {Request ID:101}, {Input Details:0x64656661756C742073656E6420737472696E67}, {Request Type:Indeterminate} <132>1 2023-12-24T09:48:05+00:00 DCSECIDKOASV02 ikeyserver 8244 - [meta sequenceId="2850228"] {Warning}, {RADIUS}, {W-006001}, {An invalid RADIUS packet has been received.}, {0xBA42228CB3604ECFDEEBC274D3312187}, {Source Location:10.240.86.6:1812 (Authentication)}, {Client Location:10.240.86.19:18721}, {Reason:The packet is smaller than minimum size allowed for RADIUS}, {Request ID:101}, {Input Details:0x64656661756C742073656E6420737472696E67}, {Request Type:Indeterminate} Using the below Regex: [xmlExtractionIDX] REGEX = .*?"]\s+\{(?<Severity>\w+)\},\s+\{\w+\},\s+\{(?<DeviceID>[^}]*)\},(.*) FORMAT = Severity::$1 DeviceID::$2 Last_Part::$3 WRITE_META = true till that it's working fine then i want to add more precise extraction and want to extarct more info from the Last_Part field using the SOURCE_KEY = [xmlExtractionIDX] REGEX = .*?"]\s+\{(?<Severity>\w+)\},\s+\{\w+\},\s+\{(?<DeviceID>[^}]*)\},(.*) FORMAT = Severity::$1 DeviceID::$2 Last_Part::$3 SOURCE_KEY = MetaData:Last_Part REGEX = Reason:(.*?)\} FORMAT = Reason::$1 WRITE_META = true But it doesn't work now, Is there any advice to do that using SOURCE_KEY
... View more