We have updated our Terms of Service, Code of Conduct, and Addendum.

Using regex to extract fields

Options
Mike Dupuis
Mike Dupuis Posts: 14 admin
in General Discussions

Hello everyone, qq, I am trying to get a regex extract field extractions from _raw, the regex seems to be fine, but somehow I cant get the field to show up as an extracted field. Im using a capturing group to do this.. any ideas

Answers

  • John Pondrom
    John Pondrom Posts: 16
    Options

    I don't have a specific solution for you, but a troubleshooting step I would try if you haven't already would be to see if you can output the full field without the regex. I've had too many situations in the past where the issue that was blocking me from moving forward was being introduced earlier than I thought it was.

  • Mike Dupuis
    Mike Dupuis Posts: 14 admin
    Options

    there are some fields that can be extracted from a parser funtion, but the message field is just broken bad. I think this is due to the structure of the raw event.. but still dont see why the regex extract is not a allowing the field

  • John Pondrom
    John Pondrom Posts: 16
    Options

    Example/Screen shot would be helpful here <@U038140BJBG&gt; (if possible). Or can you paste an example event here, and tell me more about what you are trying to extract? Happy to help!

  • Mike Dupuis
    Mike Dupuis Posts: 14 admin
    Options

    hey Joe, Darrel it seems like the structure of the events was not consistent, thus the regex will not match properly some of the events I made a broader regex and now that it matches all the events the issue seems resolved..

Categories