I have a regex that should be extracting the **employeeType** field from an event. Below is the text of the event and the regex I am using.
Details:
Attributes:
employeeType
Contractor
Search:
```
mysearch | rex "employeeType\n\t\t\t(?\w+)"
```
We see the extraction work on regexr, but it doesn't seem to extract in the search.