Query Output
Hi Guys,
In Splunk I use Regex to extract the key items from a query and use the Eval command to make the expression more meaningful and look pretty.
Ex:
| rex field=_raw "(?<Date>\w{3}\s+\d+ \d+:\d+:\d+) (?<hostname>.+) \d+: \w{3}.*User:(?<user>\w+).*:(?P<command>.......)"
|eval "Command Execution on the Network" = Date + " " + "Enable Command on " + host + " was executed by " + user
| table "Command Execution on the Network"
I extracted a regex command for SumoLogic and I want to know what is the way to get a similar beautiful output from SumoLogic.
From the below-mentioned regex, I want to have a table in which each row says
On <Date> User <Name> has logged into <Server> <Connection> <status>
| parse regex "\d+\S\d+\S\d+\w+\S\d+\S\d+\S\d+\S\d+\s(?<Server>\w+\S\w+\s\w+)\S\w+\S\w+\S\s(?<Date>\w+\s\w+\s\w+\s\w+\S\w+\S\w+)\s\w+\s(?<Name>\w+.\w+)\S\d+\S\d+\S\d+\d+\S\d+\S\d+\S\s(?<Connection>\w+)\s(?<status>\w+).*"
Please help.
Thank you.
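The Sumo Logic equivalent of Splunk's eval string concatenation is the concat operator, which joins fields and literal strings into a new field. The query below is an added example, not part of the original post: it reuses the parse regex from the question unchanged and builds the requested sentence per row. The field name login_summary is an assumption (Sumo Logic field names containing spaces need the %"..." syntax, so a plain name is used here), and the initial keyword scope of the search is omitted exactly as in the question.

```sumo
| parse regex "\d+\S\d+\S\d+\w+\S\d+\S\d+\S\d+\S\d+\s(?<Server>\w+\S\w+\s\w+)\S\w+\S\w+\S\s(?<Date>\w+\s\w+\s\w+\s\w+\S\w+\S\w+)\s\w+\s(?<Name>\w+.\w+)\S\d+\S\d+\S\d+\d+\S\d+\S\d+\S\s(?<Connection>\w+)\s(?<status>\w+).*"
// concat joins field values and literal strings into one field (assumed name: login_summary)
| concat("On ", Date, " User ", Name, " has logged into ", Server, " ", Connection, " ", status) as login_summary
// show only the composed sentence, one row per parsed message
| fields login_summary
```

Each row of the result then reads "On <Date> User <Name> has logged into <Server> <Connection> <status>". If the pattern of the sentence is easier to maintain as a template, Sumo Logic's format operator (Java String.format style placeholders, e.g. format("On %s User %s ...", Date, Name, ...) as login_summary) produces the same result. Because the parse regex is anchored only by the surrounding \S and \s tokens, rows where the regex does not match are dropped by parse regex unless nodrop is added; check the row count against the raw search before trusting the table for audit purposes.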
already replied in here