Thanks, now I understood the field name purpose. It looks like we have to assign a variable for the search field from where I have to extract the log and then do a regex on the assigned variable, but the issue is that this number is dynamic and it keeps getting updated every 15 minutes. My ultimate goal is to find the difference and graph that count in a nice graph.
2014/09/28 08:45:00,910 Info CS Traffic: SecureServer ABC: 2412182 / 000
2014/09/28 09:00:00,912 Info CS Traffic: SecureServer ABC: 2413791 / 000
The below query doesn't return the number, so I can't perform the difference with the next number (the named capture group in the regex has to be written `(?<myNum>...)`; the `<myNum>` part was lost when the post was rendered):
head 1 | eval foo="0140928.log:2014/09/28 06:45:00,911 Info CS Traffic: secureserver ABC: 2394528 / 000" | rex field=foo "\:\s+(?<myNum>\d{7})\s+\/" | table myNum
Tried the below option too:
eval foo="*.log:* Info CS Traffic: secureserver ABC:" | rex field=foo "\:\s+(?<myNum>\d{7})\s+\/" | table myNum
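Worked example of the extraction and delta step outside Splunk (added here for illustration; this is not the poster's query or any Splunk code). It reads the two log lines quoted above plus two constructed ones, pulls the counter out with the same "number between the last colon and the slash" pattern, and computes the per-15-minute difference, flagging the case the rex alone does not handle: a cumulative counter that drops back (restart or wrap), which would otherwise graph as a large negative spike. The `SAMPLE_LOG`, the `server` group and the reset handling are assumptions for the example; note also that `\d{7}` in the original rex silently stops matching once the counter passes 9,999,999, so the example uses `\d+`.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the two lines quoted in the post. The last
# line is a made-up counter reset, to show how the delta logic treats it.
SAMPLE_LOG = """\
2014/09/28 08:45:00,910 Info CS Traffic: SecureServer ABC: 2412182 / 000
2014/09/28 09:00:00,912 Info CS Traffic: SecureServer ABC: 2413791 / 000
2014/09/28 09:15:00,915 Info CS Traffic: SecureServer ABC: 2415004 / 000
2014/09/28 09:30:00,918 Info CS Traffic: SecureServer ABC: 0000120 / 000
"""

# Same idea as the post's rex pattern: the number after the last ':' and before
# the '/'. Python spells a named group (?P<name>...), and \d+ is used instead of
# \d{7} so a counter that grows past seven digits still matches.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\d+\s+Info CS Traffic:\s+"
    r"(?P<server>.+?):\s+(?P<myNum>\d+)\s+/"
)


def parse_samples(text):
    """Return [(timestamp, server, counter_value)] for every line that matches."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated lines are skipped, not treated as errors
        ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        out.append((ts, m.group("server"), int(m.group("myNum"))))
    return out


def counter_deltas(samples):
    """Difference between consecutive samples of the same server's counter.

    The counter is cumulative, so traffic in an interval is value[n] - value[n-1].
    A drop means the counter was reset (restart, wrap); that sample is flagged
    and its delta is taken as the new value, i.e. counting from zero again.
    """
    prev = {}   # server -> (timestamp, value) of the previous sample
    rows = []
    for ts, server, value in sorted(samples):
        if server in prev:
            prev_ts, prev_value = prev[server]
            reset = value < prev_value
            rows.append({
                "ts": ts,
                "server": server,
                "delta": value if reset else value - prev_value,
                "interval_s": (ts - prev_ts).total_seconds(),
                "reset": reset,
            })
        prev[server] = (ts, value)
    return rows


if __name__ == "__main__":
    for row in counter_deltas(parse_samples(SAMPLE_LOG)):
        flag = " (counter reset)" if row["reset"] else ""
        print(f"{row['ts']:%Y-%m-%d %H:%M} {row['server']}: +{row['delta']}{flag}")
```

The `interval_s` field is kept so the delta can be turned into a rate if a sample is ever late or missing; dividing by a fixed 900 seconds would quietly misreport those intervals.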