Forum Discussion
Solved
Extract from syslog
Hello can someone please help me with extract regex expression? I have syslog message that have this structure 1692086254.870677475 XXXXXX flows src=XXXX dst=XXXXX protocol=tcp sport=58296 dport=44...
- This works
pattern = extract(@'pattern: \"?(\w+)\"?', 1, SyslogMessage),
unfortunately it does not work for me:
Query could not be parsed at 'has' on line [2,8] Token: has Line: 2 Position: 8 Request id: 2e66e81d-d5e5-412c-9130-6d27512cd854
This works
pattern = extract(@'pattern: \"?(\w+)\"?', 1, SyslogMessage),
pattern = extract(@'pattern: \"?(\w+)\"?', 1, SyslogMessage),