We're using a Syslog to get data to Log Analytics from some devices. This works perfectly and places the relevant data we need in the "Syslogmessage" column in "Syslog". I'm trying to use the parse command to extract that data into new columns but cannot figure out how to do it. Here is a sample of the value in that column:
37:00,0008C101547,SYSTEM,userid,0,2018/07/23 11:36:58,,connect-ldap-sever-failure,SERVER1.DOM1.DOMAIN1,0,0,general,medium,"ldap cfg CT Group Mapping failed to connect to server SERVER1.DOM1.DOMAINNAME.net:389: Error: Failed to get address info for SERVER1.DOM1.DOMAINNAME.net.",38678840,0x8000000000000000,0,0,0,0,,DOM1FHS01.LAB
I figured I could use regex to extract what I need, but cannot seem to get it to work correctly. What's the best way to do this?
Example of something I've tried:
Syslog
| parse kind=regex SyslogMessage with foo "^37:00,"
foo2 "(?ms),"
foo3 ".*,"
foo4 ","
foo5 "," *
| project foo , foo2 , foo3 , foo4 , foo5
