Hey guys,
I have a log that contains a lot of data, but from that I want to extract 'program.exe -switch' from the log and create a new field that I can display with the table command. I have the regex ready and confirmed on regex101.com. But I tried some of the below in my search and had no luck. I've looked up the rex command and examples on answers.splunk.com as well. But I'm not sure how I can use the rex command in this case.
....regex cmd="/^(\s\w\D*\.\D*\s\D*\d)$/" | table cmd
....regex cmd="\s\w\D*\.\D*\s\D*\d" | table cmd
....regex cmd="\s\w\D*\.\D*\s\D*\d" | table cmd
Any ideas how I can get this data?
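An added example, not part of the original post: in SPL the `regex` command only keeps or drops events that match a pattern, while `rex` with a named capture group is what creates a new field for `table`. The sample events, the `source` value and the pattern `\S+\.exe\s+-\w+` are constructed assumptions, since the real log format is not shown in the post.

```spl
| makeresults count=3
| streamstats count AS n
| eval source="constructed_sample"
| eval _raw=case(
    n=1, "2024-01-01 10:00:01 host1 started program.exe -switch by user alice",
    n=2, "2024-01-01 10:00:05 host1 heartbeat ok",
    n=3, "2024-01-01 10:00:09 host2 started backup.exe -full by user bob")
| rex field=_raw "(?<cmd>\S+\.exe\s+-\w+)"
| where isnotnull(cmd)
| table n cmd
```

Events 1 and 3 come back with `cmd` set to `program.exe -switch` and `backup.exe -full`; event 2 has no match, so `cmd` is null and the `where` clause drops it.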