If your logs are delivered in a multi-line format, you may want to parse only up to a line break in the message. To do so, use one of the following escape sequences as the stop anchor on the line break:
Linux logs: "\n"
Windows logs: "\r"
For example, if we have the following message in our logs:
12:08:10,651 INFO sample_server ReportEmailer:178 - DEBUG SENDING MESSAGE:
To: example@sumologic.com
Subject: New line Breaks in Message
To get example@sumologic.com into the ToAddress column, use either of the following queries to extract the address:
... | parse "To:*\n" as ToAddress nodrop
Or
... | parse "To:*\r" as ToAddress nodrop
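As an added example (not from this article and not Sumo Logic's own implementation), the following Python emulates the parse anchor above and runs it over the sample message with both Linux and Windows line endings. It assumes that "*" behaves as a lazy wildcard and that the captured text is returned untrimmed; both are assumptions about the real parse operator.

```python
import re

# Constructed sample: the message from the article, joined with LF
# (Linux) and CRLF (Windows) line breaks respectively.
LINES = [
    "12:08:10,651 INFO sample_server ReportEmailer:178 - DEBUG SENDING MESSAGE:",
    "To: example@sumologic.com",
    "Subject: New line Breaks in Message",
]
LINUX_MSG = "\n".join(LINES)      # "\n" line breaks
WINDOWS_MSG = "\r\n".join(LINES)  # "\r\n" line breaks


def parse_pattern_to_regex(pattern: str) -> re.Pattern:
    """Emulate a parse anchor (assumption): every '*' becomes a lazy capture
    group and all other text, including the "\n" or "\r" stop anchor, is
    matched literally."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("(.*?)".join(literal_parts), re.DOTALL)


def parse_field(message: str, pattern: str):
    """Return the text captured by the single '*' in pattern, untrimmed, or
    None when the anchor does not match (e.g. the expected line break is
    absent from the message)."""
    match = parse_pattern_to_regex(pattern).search(message)
    return match.group(1) if match else None


def apply_parse(messages, pattern: str, nodrop: bool):
    """Emulate `parse ... as Field [nodrop]` over a stream of messages:
    with nodrop, non-matching messages are kept with an empty (None) field;
    without it they are dropped from the results."""
    results = []
    for msg in messages:
        value = parse_field(msg, pattern)
        if value is None and not nodrop:
            continue
        results.append((msg, value))
    return results


if __name__ == "__main__":
    for anchor in ("\n", "\r"):
        pattern = "To:*" + anchor
        for name, msg in (("linux", LINUX_MSG), ("windows", WINDOWS_MSG)):
            print(name, repr(anchor), "->", repr(parse_field(msg, pattern)))
```

Note that the "\n" anchor applied to a CRLF message leaves a trailing carriage return inside the captured field, which is why the Windows anchor is "\r"; a stray "\r" in a field value will silently break later lookups and joins on that column.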