Hi,
I want to add a rex field in my search:
index=windows sourcetype="wineventlog:system" SourceName="Disk" count="$process$"
| dedup _time
| table _time host Type EventCode
There are 2 conditions for my rex field:
Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.
\Harddisk\ has to finish with 0 or 1, but not with another number.
After \Harddisk0\ or \Harddisk1\ it's mandatory to have DR.
Could you help me please?
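The two conditions above, written as one regular expression and checked against sample messages (an added example, not part of the original post). The function names, every sample line except the first, and the reading of the conditions as "disk index exactly 0 or 1, then `\DR` followed by a number" are assumptions.

```python
import re
from typing import List, Optional, Tuple

# Assumptions (not stated verbatim in the post): the disk index must be
# exactly 0 or 1, and "DR" plus its number must follow the next backslash.
# [01] followed directly by a backslash rejects Harddisk2 and Harddisk10.
DISK_RE = re.compile(r"\\Device\\Harddisk(?P<disk>[01])\\DR(?P<dr>\d+)")

# Constructed sample messages; only the first one is taken from the post.
SAMPLES = [
    r"Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.",
    r"Une erreur a été détectée sur le périphérique \Device\Harddisk0\DR0 lors d'une opération de pagination.",
    r"Une erreur a été détectée sur le périphérique \Device\Harddisk2\DR2 lors d'une opération de pagination.",
    r"Une erreur a été détectée sur le périphérique \Device\Harddisk10\DR10 lors d'une opération de pagination.",
    r"Une erreur a été détectée sur le périphérique \Device\Harddisk1\Partition1 lors d'une opération de pagination.",
]


def extract_disk(message: str) -> Optional[dict]:
    """Return {'disk': ..., 'dr': ...} when both conditions hold, else None."""
    match = DISK_RE.search(message)
    return match.groupdict() if match else None


def matching_events(messages: List[str]) -> List[Tuple[int, str, str]]:
    """Return (position, disk, dr) for every message that satisfies the pattern."""
    hits = []
    for position, message in enumerate(messages):
        fields = extract_disk(message)
        if fields is not None:
            hits.append((position, fields["disk"], fields["dr"]))
    return hits


if __name__ == "__main__":
    for position, disk, dr in matching_events(SAMPLES):
        print(f"sample {position}: Harddisk{disk} DR{dr}")
```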