Hey guys,
I have a log that contains a lot of data but from that, I want to extract 'program.exe -switch' from the log and create a new field that I can display with table command. I have regex ready and confirmed on regex101.com. But I tried some of the below in my search and no luck. I've looked up rex command and examples on answers.splunk.com as well. But not sure how I can use rex command in this case.
**....regex cmd="/^(\s\w\D*\.\D*\s\D*\d)$/" | table cmd
....regex cmd="\s\w\D*\.\D*\s\D*\d" | table cmd
....regex cmd="\s\w\D*\.\D*\s\D*\d" | table cmd**
Any ideas how I can get this data?
↧
How to extract 'program.exe -switch' from the log and create new field to display with table command
↧