**Additional** question 'to the same scenario': "How to use rex to extract Linux directory sizes and names?"
On other servers where I ran the same script, the output differs when retrieving the data through Splunk. All the information seems to be **within** the same event now.
1000 dir1
1200 dir2
1550 dir3
Etc.
`.... | rex "(?<size>\d+)\s+(?<dir>\w+)" | eval GB=(size/1024)/1024 | timechart mode(GB) as Size by dir`
This will give me **only** the first line, which is 1000 and dir1. How do I extract the sample above so that I have different events for **All**
In other words -- if `| rex "(?<size>\d+)\s+(?<dir>\w+)"` would do the job for this first line -- how to repeat this for all lines within the same event?
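One way to handle the multi-line event described above, as an added example that is not part of the original post: `max_match=0` makes `rex` keep every match in the event as multivalue fields, and `mvzip` plus `mvexpand` then split each size/directory pair into its own result. The `makeresults` event is constructed sample data standing in for the script output, and `pair` is a helper field name chosen for this example.

```spl
| makeresults
| eval _raw="1000 dir1
1200 dir2
1550 dir3"
| rex max_match=0 "(?<size>\d+)\s+(?<dir>\w+)"
| eval pair=mvzip(size, dir)
| mvexpand pair
| eval size=mvindex(split(pair, ","), 0), dir=mvindex(split(pair, ","), 1)
| eval GB=(size/1024)/1024
| timechart mode(GB) as Size by dir
```

Against real data, replace the first two commands with the base search. Zipping `size` and `dir` before `mvexpand` keeps each size attached to its own directory, which expanding the two fields separately would not.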