I have a very ugly log file that I need to run a regex against and have it match as many times as possible to map the field name and the value of the field. I have a working regex that I can test through search and its working as expected but when I try to move that regex to a transforms file using REPORT, I'm not seeing any results in my searches. Here are the props.conf and transforms.conf that is running on the SH:
props.conf
[jamfChangeManagement]
REPORT-jamfcm=jamfcm
transforms.conf
[jamfcm]
REGEX=(<_KEY_1>.*?)\W{5,30}(<_VAL_1>\w.*)
Any ideas why its not matching the regex in search?
↧