Forum Discussion
Need Help With Sentinel Regex
Hi Team, I am trying to capture this following text & when I write this query in Regex101 it does capture but in Sentinel it is not capturing. I know we need to use "extend" command as well but j...
If you want to extract multiple columns out from a single string (which I think is what you want to do), you could use the parse command
| parse ACTUALTEXT with * "TIME_GENERATED =" Time "]" *
| parse ACTUALTEXT with * "RECORD_NUMBER =" RecordNumber "]" *
| parse ACTUALTEXT with * "EVENT_TYPE =" EventType "]" *
Should return you three new columns called Time, RecordNumber, EventType