Hi Team,
I have an event which is getting segregated with the pipe (|) symbol, and I want to separate those events with a regex expression. How do I proceed further?
Sample event is below:
2017-06-04 03:51|Level=***|Name=Men|Id=(xxxxx)|Job=(xxxx)|DropNumber=(xxxx)|Cycle=(xxx)|Value=(xxx)|Field=(xxxx)|Process xxxxxxxx
So I have tried to segregate the same in the search head GUI by clicking Field extractions, and using the delimit option I chose the pipe (|) symbol to split it.
The fields are getting extracted and I have renamed the field names too. But once I saved it and clicked the extracted fields in the left-hand column, I am getting the field name along with the key value. But actually I want the key value alone.
For Example:
If I delimit the field using the (|) symbol, rename the field to "Name" and save it.
After saving it, when I click "Name" in the extracted fields it should show "Men" as mentioned in the sample event.
But instead, when I click the "Name" field it shows "Name=Men".
So kindly let me know the regex to extract only the key value alone, since I need to create multiple field extractions for the same.
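An added example (not part of the original post): a Python sketch contrasting the pipe split described above, which yields "Name=Men", with a key=value regex that captures only the value. The function names and the optional stripping of the surrounding parentheses are assumptions made for illustration.

```python
import re

# Sample event copied from the post above (values are masked in the original).
SAMPLE = (
    "2017-06-04 03:51|Level=***|Name=Men|Id=(xxxxx)|Job=(xxxx)|"
    "DropNumber=(xxxx)|Cycle=(xxx)|Value=(xxx)|Field=(xxxx)|Process xxxxxxxx"
)

# One key=value segment: starts at line start or after a pipe, the key is a
# word, and the value runs up to (not including) the next pipe.
KV = re.compile(r"(?:^|\|)([A-Za-z_]\w*)=([^|]*)")


def split_on_pipe(event):
    """Delimiter-only extraction: each segment keeps its 'key=' prefix."""
    return event.split("|")


def extract_fields(event, strip_parens=False):
    """Return {key: value} for every key=value segment in the event.

    Segments without '=' (the leading timestamp, the trailing free text)
    are skipped. strip_parens is a hypothetical option for values that
    are wrapped in parentheses, as Id=(xxxxx) is in the sample.
    """
    fields = {}
    for key, value in KV.findall(event):
        if strip_parens and len(value) >= 2 and value[0] == "(" and value[-1] == ")":
            value = value[1:-1]
        fields[key] = value
    return fields


if __name__ == "__main__":
    print(split_on_pipe(SAMPLE)[2])
    for name, val in extract_fields(SAMPLE, strip_parens=True).items():
        print(f"{name} -> {val}")
```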