Hi,
I am a newbie to LOG INSIGHTS and did good in figuring out with the help of this community and online documentations. However, I am stuck with Regexp and because of that I am not able to retrieve the data as expected in the tool.
I have a very large log file on one of the server with information close to below.
Issue:- In the Interactive Analytics it is displaying one row for each line, hence the below log is shown as 12 different lines for each timestamp.
[2020-06-10T15:28:10-04:00] [OBIPS] [TRACE:1] [] [saw.rpc.server.processHeartbeat] [ecid: xxxxxxxxxxxxxxxxxxxxxx,0] [tid: 3793676032] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] Processing heartbeat message.[[
File:socketrpcserver.cpp
Line:399
Location:
saw.rpc.server.processHeartbeat
saw.rpc.server.responder
saw.rpc.server
saw.rpc.server.handleConnection
saw.rpc.server.dispatch
saw.threadpool.socketrpcserver
saw.threads
]]
So I have used the following RegExp code which works perfect when I checked in https://regex101.com/ . But it haven't improved my results.
(?<DateTime>\[.*?\]) (?<OBIPS>\[.*?\]) (?<TRACE>\[.*?\]) (?<EMP>\[.*?\]) (?<FRISTMSG>\[.*?\]) (?<ECID>\[.*?\]) (?<TID>\[.*?\]) (?<SINAME>\[.*?\]) (?<IDDNAME>\[.*?\]) (?<IDDGUID>\[.*?\]) (?<USRID>\[.*?\[)(?<COMPLETE>\[\s*[\w\W]*?\]\])
I have attached some screenshots and the above scenario in the document. Could you please take a look at it and help me out?
I greatly appreciate your responses and help.
Thank you,
Rama