I have a search which returns this field:
timezone=America/Montreal(EDT)offset-14400(Daylight).
So how can I get only EDT? Any suggestion will be appreciated.
Hi,
Something like this should work:
... | rex field="timezone" "\((?<myTZ>[A-Z]+)\)" | ...
This will create a new field called myTZ.
cheers, MuS
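
A run-anywhere search for checking the extraction before using it on real events, added here as an example and not part of the original answer. The second and third timezone values are constructed test inputs, and the field names tzName, tzOffset and tzKind are hypothetical; the pattern is anchored to the whole value so a string that does not follow the layout from the question yields myTZ="unknown" instead of a partial match.

```spl
| makeresults count=3
| streamstats count AS n
| eval timezone=case(
    n=1, "America/Montreal(EDT)offset-14400(Daylight)",
    n=2, "America/Montreal(EST)offset-18000(Standard)",
    n=3, "Etc/UTC")
| rex field=timezone "^(?<tzName>[^(]+)\((?<myTZ>[A-Z]+)\)offset(?<tzOffset>-?\d+)\((?<tzKind>[^)]+)\)$"
| eval myTZ=coalesce(myTZ, "unknown")
| table timezone tzName myTZ tzOffset tzKind
```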