Query Output

Follow

Smooth Operator

• August 18, 2022 06:00

Hi Guys,

In Splunk I use Regex to extract the key items from a query and use Eval command to make the expression much meaningful and look pretty. 

Ex: 

| rex field=_raw "(?<Date>\w{3}\s+\d+ \d+:\d+:\d+) (?<hostname>.+) \d+: \w{3}.*User:(?<user>\w+).*:(?P<command>.......)"

|eval "Command Execution on the Network" = Date + " " + "Enable Command on " + host + " was executed by " + user

| table "Command Execution on the Network"

I extracted a regex command for SumoLogic and I want to know what is the way to get a similar beautiful output from SumoLogic.
From the below-mentioned regex, I want to have a table of which each row says

On <Date> User <Name> has logged into <Server> <Connection> <status>

| parse regex "\d+\S\d+\S\d+\w+\S\d+\S\d+\S\d+\S\d+\s(?<Server>\w+\S\w+\s\w+)\S\w+\S\w+\S\s(?<Date>\w+\s\w+\s\w+\s\w+\S\w+\S\w+)\s\w+\s(?<Name>\w+.\w+)\S\d+\S\d+\S\d+\d+\S\d+\S\d+\S\s(?<Connection>\w+)\s(?<status>\w+).*"

Please help. 

Thank you. 

0

• 

  Eli Jang

  • September 12, 2022 00:55

  already replied in here

  0

  Comment actions Permalink

Please sign in to leave a comment.