I have search that works fine when run manually:
sourcetype=WinHostMonTest | rex field=_raw "CommandLine=(?.+[^\n])" | table CmdLine
But when I try to add it into my dashboard, it complains and the closing and will not save:
index=perfmon source=process sourcetype=WinHostMon ProcessId=22864 earliest=$time.earliest$ latest=$time.latest$ host=$Host$ ProcessId=$ProcessID$ | dedup ProcessId | rex field=_raw "CommandLine=(?.+[^\n])" | table CmdLine < / query >
↧