Hello,
I have an issue with this type of log :
[5/22/20 14:46:23:381 GMT] 0000009c ThreadMonitor 3 UsageInfo[ThreadPool:hung/active/size/max]={server.startup:0/0/1/3,ProcessDiscovery:0/0/1/2,TCPChannel.DCS:0/2/4/20,HAManager.thread.pool:0/0/2/2,Default:0/2/6/20}
I create a regex which works :
rex field=_raw "\[(?[^\[]*)\]\s(?[^\s]*)\s(?[^\s]*)\s(?[^\s]*)\s(?.{11})(?\[\w.*\])(?[\=])\{((?\w.*?):(?\d+)\/(?\d+)\/(?\d+)\/(?\d+))+" | table timestamp threadname hung max
But the threadname is always the first match, in my case server.startup.
Is it possible to add a where clause to extract the desired threadname, for example HAManager ? And I can't modify props.conf because I don't have admin right.
Thanks for your help
David
... View more