How-To: Parse Log Lines into Fields with Regex

There may be situations in which you will want to use a parser to extract additional information from the @rawstring. use case is to create new fields from this extracted information.

Solution

Regex groups can help accomplish this within a parser or a query. You can use a notation like the following:

logscale
/myField is: (?<myfield>\S+)/

There are two ways of using regex to accomplish this task:

  • The regex query function; or

  • The /$REGEX/ syntax regexr.com may be helpful to test