I am having trouble searching mutliple patterns using rex. I have the log files containg the following pattern lines:
- BLAH BLAH BLAH, Processtype : <12345> BLAH BLAH BLAH.
I want to get table report on Processtype and the docCount, which in this example case is 12345.
I can search for PROCESSTYPE
sourcetype="SOMETHING SOMETHING" | rex field=_raw ".*, (?<1ST>[A-Z][a-z]+) :.\*"
I can also search for docCount
sourcetype="SOMETHING SOMETHING" | rex field=_raw ".* \<(?<2ND>[0-9]+)\>"
But when I combine the two together like this, it doesn't return any result
sourcetype="SOMETHING SOMETHING" | rex field=_raw ".*, (?<1ST>[A-Z][a-z]+) : \<(?<2ND>[0-9]+)\>"
What am I doing wrong?