Error in 'rex' command: regex="(?ms)^(?:[^'\n]'){3}(?P[^']+)[^=\n]='(?P[^']+)(?:[^'\n]'){6}(?P[^']+)(?:[^=\n]=){4}'(?P\d+.\d+)" has exceeded configured match_limit, consider raising the value in limits.conf
Search results may be incomplete: the search process on the local peer:vpngw.pineapp.com ended prematurely. Please check the local peer log, such as $SPLUNK_HOME/var/log/splunk/splunkd.log and as well as the search.log for the particular search.
Select Fields
Highlight one or more values in the sample event to create fields. You can indicate one value is required, meaning it must exist in an event for the regular expression to match. Click on highlighted values in the sample event to modify them. To highlight text that is already part of an existing extraction, first turn off the existing extractions.
Apr 6 17:52:51 46.166.130.92 Apr 6 17:49:32 Mx4 pamsgprocess[13121]: [START] [MID]='9000000000002292032', [time]='2017-04-06 17:49:32.617832', [sender]='info@INHUMAN.nl', [subject]='(null)', [size]='4030', [source_ip]='14.186.113.222', [commtouch_ref]='SPAM, OK, (300)(1000)gggruggvucftvghtrhhoucdtuddrfeeliedrtdeggdeivdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfrkffpgfetrffrnecuuegrihhlohhuthemuceftddtnecujfgurhcugedtheeiucdlfedttddmnecujfgurhephffvufffgggtrfgikgfoqfesrgdttdepfidtnecuhfhrohhmpedfvfgrthihrghnrgdfuceoihhnfhhosefkpffjfgfotefprdhnlheqnecukfhppedugedrudekiedruddufedrvddvvd'[Content Filter]='Not Found', [MID]='9000000000002292032', [spam_score]='100.0 ', [type]='Spam', [status]='BLOCKED', [virus_details]='No Virus found', [direction]='R2L', [recipient]='emilya@ackerstein.co.il' [FINISH]