I have the following sample text that's embedded inside a log:
(Response=200) {"log":{"properties":"rob"}}
I am trying the following regex pattern matching, which works as expected: it finds log messages that contain the above sample text.
index=<wide search> | regex "[\"{]{1}(log){1}"
However, I want to further cement this search to restrict it down to only log messages, so I want to add additional constraints, like so:
index=<wide search> | regex "[\{\"]{2}(log){1}"
// to match {"log
Or
index=<wide search> | regex "[\"{]{1}(log){1}[\"{]{1}"
// to match "log"
But with either expression, it returns 0 results.
So why is it so sensitive that adding a few more characters to the expression breaks it?
Am I doing something wrong?
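A way to check the three patterns outside Splunk, as an added example that is not part of the original post: it runs them with Python's `re` module against the posted sample and two constructed variants of the raw event. The variants (escaped quotes, whitespace after the brace) and all names in the code are assumptions about what the raw event could contain, not something the post shows.

```python
import re

# Patterns from the post, written as the regex engine sees them once the
# search-string escaping of the double quote (\") is removed (assumption).
PATTERNS = {
    "original": r'["{]{1}(log){1}',
    "brace_quote": r'[\{"]{2}(log){1}',
    "quoted_key": r'["{]{1}(log){1}["{]{1}',
}

# Candidate raw events. The first is the sample from the post; the other two
# are constructed variants of how the same JSON might be stored in the event.
EVENTS = {
    "as_posted": '(Response=200) {"log":{"properties":"rob"}}',
    "escaped_quotes": '(Response=200) {\\"log\\":{\\"properties\\":\\"rob\\"}}',
    "space_after_brace": '(Response=200) { "log": {"properties": "rob"}}',
}


def match_matrix(patterns=PATTERNS, events=EVENTS):
    """Return {event_name: {pattern_name: bool}} using an unanchored search."""
    return {
        ev_name: {
            p_name: re.search(pattern, text) is not None
            for p_name, pattern in patterns.items()
        }
        for ev_name, text in events.items()
    }


def context(text, needle="log", width=3):
    """Return the characters around the first needle, repr()'d so that
    backslashes and spaces next to it are visible."""
    i = text.find(needle)
    if i < 0:
        return None
    return repr(text[max(0, i - width): i + len(needle) + width])


if __name__ == "__main__":
    for ev_name, row in match_matrix().items():
        print(f"{ev_name:18} {context(EVENTS[ev_name]):24} {row}")
```

All three patterns match the text exactly as posted, so comparing the exact characters around `log` in a real event with the sample is the next check.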