I have a query -
index="production" [search source="port-120" "Decision Received: REJECT"| fields x_reqid] | rex field=_raw "Req Id:(?<req_id>.*)" | rex field=_raw "cust ID :(?<cust_id>.*)" | table x_reqid,req_id,cust_id | sort -_time
My log statements -
x-reqid=247-64d-4c4-5d2043 Decision Received: REJECT
x-reqid=247-64d-4c4-5d2043 Req Id:4461015602805000002477
x-reqid=247-64d-4c4-5d2043 cust ID : abc@g.com
I want a table output with three columns: x_reqid, req_id and cust_id. However, the above query is giving me repetitive x-reqid values and not distinct results. Please help.
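As an added example (not part of the question or of any Splunk answer), here is the correlation the poster is after, done in Python over the log lines quoted above: the three fields live in three separate events, so they have to be grouped by x-reqid before being laid out as one row per request. The second request id and its values are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample events mirroring the log format in the question.
SAMPLE_LOG = """\
x-reqid=247-64d-4c4-5d2043 Decision Received: REJECT
x-reqid=247-64d-4c4-5d2043 Req Id:4461015602805000002477
x-reqid=247-64d-4c4-5d2043 cust ID : abc@g.com
x-reqid=999-aaa-bbb-000001 Decision Received: ACCEPT
x-reqid=999-aaa-bbb-000001 Req Id:1111111111111111111111
x-reqid=999-aaa-bbb-000001 cust ID : someone@example.com
"""

REQID_RE = re.compile(r"x-reqid=(?P<x_reqid>\S+)")
# Same captures as the two rex commands in the query, anchored to end of
# line so trailing whitespace does not leak into the values.
FIELD_RES = {
    "req_id": re.compile(r"Req Id:\s*(?P<v>\S+)\s*$"),
    "cust_id": re.compile(r"cust ID\s*:\s*(?P<v>\S+)\s*$"),
    "decision": re.compile(r"Decision Received:\s*(?P<v>\S+)\s*$"),
}

def correlate(log_text):
    """Return {x_reqid: {field: value}}, one record per request id.
    Each event carries only one field, so a per-event table repeats the
    id with blanks; grouping by x-reqid is what collapses the rows."""
    rows = defaultdict(dict)
    for line in log_text.splitlines():
        m = REQID_RE.search(line)
        if not m:
            continue  # event without a request id cannot be correlated
        rec = rows[m.group("x_reqid")]
        for name, pat in FIELD_RES.items():
            fm = pat.search(line)
            if fm:
                rec[name] = fm.group("v")
    return dict(rows)

def rejected_rows(log_text):
    """Only REJECTed requests, as (x_reqid, req_id, cust_id) tuples."""
    return [
        (rid, rec.get("req_id", ""), rec.get("cust_id", ""))
        for rid, rec in correlate(log_text).items()
        if rec.get("decision") == "REJECT"
    ]

if __name__ == "__main__":
    for row in rejected_rows(SAMPLE_LOG):
        print("\t".join(row))
```

In SPL the same grouping is `stats values(req_id) as req_id values(cust_id) as cust_id by x_reqid`, which collapses the per-event rows into one row per request id.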