Question

Using regex to extract fields

  • March 11, 2025
  • 4 replies
  • 27 views

Hello everyone, qq, I am trying to get a regex extract field extractions from _raw. The regex seems to be fine, but somehow I can't get the field to show up as an extracted field. I'm using a capturing group to do this. Any ideas?

4 replies

  • Employee
  • March 11, 2025

I don't have a specific solution for you, but a troubleshooting step I would try, if you haven't already, would be to see if you can output the full field without the regex. I've had too many situations in the past where the issue that was blocking me from moving forward was being introduced earlier than I thought it was.


  • Author
  • Participating Frequently
  • March 11, 2025

There are some fields that can be extracted from a parser function, but the message field is just broken bad. I think this is due to the structure of the raw event, but I still don't see why the regex extract is not allowing the field.


  • Employee
  • March 11, 2025

An example/screenshot would be helpful here <@U038140BJBG> (if possible). Or can you paste an example event here, and tell me more about what you are trying to extract? Happy to help!


  • Author
  • Participating Frequently
  • March 11, 2025

Hey Joe, Darrel, it seems like the structure of the events was not consistent, thus the regex will not properly match some of the events. I made a broader regex, and now that it matches all the events the issue seems resolved.