But the problem I am facing is at some of the events the Refusal Reason field is empty and I have to capture the field value under Message eg. I am using the regex "rex field=_raw "AdyenPaymentResponse.+\sReason\s:\s(?.+)" to extract the error message using refusal reason as the keyword as for some places the error printing under Message is irrelevant. 12:23:15 ( 01 ) > AdyenProxy::AdyenPaymentResponse::ProcessPaymentFailure::Additional response - > Message : 102 Shopper cancelled pin entry Refusal Reason : 102 Shopper cancelled pin entry rex max_match=10 offset_field=newofield "From: (?.*) To: (?.I am fairly new to Splunk and I have bit of a challenge in front of me which I am not able to resolve. The max_match and offset_field options must be specified before the argument. The field option must be specified before the or argument. ![]() Options must be specified before the expressions New in SPL2 is support for raw string literals. ĭifferences between SPL and SPL2 Support for raw string literals
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |