Extracting more than one result from a single field

Comments

3 comments

  • Official comment
    Avatar
    Nick

    Hi James,

    The parse operator drops the message by default if it does not contain the pattern it's expecting. You can include the nodrop option at the end of each statement to include the message regardless, so that you can stack these parses:

    parse field=files_analyzed "Videos: *," as videos nodrop
    parse field=files_analyzed "Files: *," as files nodrop
    parse field=files_analyzed "Parents: *," as parent nodrop

    I hope this helps!

    Nick
    Sumo Logic, Customer Success

    Comment actions Permalink
  • Avatar
    James Trory

    Yes this is it! Thank you. I knew it was dropping fields but couldn't figure it out, I had completely forgotten about nodrop.

    0
    Comment actions Permalink
  • Avatar
    Nick

    No prob James!

    0
    Comment actions Permalink

Please sign in to leave a comment.