0

Can anyone help? I've exhausted my knowledge and troubleshooting skills trying to get this working.

Here is the example data from "msg":

date=2025-03-26 time=12:45:57 devname="this-is-the-host" devid="CD188764823423" eventtime=1742993157871312130 tz="+0000" logid="0001000014" type="traffic" subtype="local" level="notice"

... and here is the code I was hoping would capture the value "this-is-the-host" into the variable I named dname:

set $.dname = tolower(re_extract($msg, 'devname=\"(.*)\" devid=', 0, 1, "failed"));

Is there an easier way, maybe using the split function? I'd appreciate your thoughts.

Improve this question
2
  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer.
    – Community Bot
    Commented Mar 26 at 13:15
  • re_extract($msg, 'devname="([^"]*)"', 0, 1, "failed") perhaps?
    – Chris Davies
    Commented Mar 26 at 22:53

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.