Skip to content

Instantly share code, notes, and snippets.

@SBajonczak
Last active April 15, 2023 06:02
[transforms.transform]
type = "remap"
inputs = [ "sp_uls"]
source = """
#. |= parse_regex!(.message, r'^(?P<TIMESTAMP>.{23})\t(?P<Process>.{40})\t(?P<ProcessID>.{6})\t(?P<Area>.{30})\t(?P<Category>.{30})\t(?P<logmessage>.{1,})')
. |= parse_regex!(.message, r'(?P<logmessage>.*)')
del(.message)
.data= split(.logmessage, "\t")
.Timestamp= .data[0]
.Process= .data[1]
.TID= .data[2]
.Area= .data[3]
.Category= .data[4]
.Level= .data[5]
.Severity= .data[6]
.Messagedata= .data[7]
.correlation= .data[8]
del(.logmessage)
"""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment