I have a log file that shows times to complete certain tasks and I want to create a table of values. Unfortunately, there are some that show that no time has elapsed and I'd like to ignore them. (certainly, this ideas is suspect, but bear with me 🙂 )
Here is a sample of the data I have:
Here is the way I had considered capturing this, but I'm still getting the 0:00:00 values in my table.
rex field=_raw "duration= (?!0:00:00)(?<MyTime>.*) | table MyTime
What am I missing?
... View more