The following gives me exactly what I want:
host=****** Failed_Reason minutesago=15 | rex "\>(?<Failed_Reason>.*?)\<"
But when I use the regex to build a field extraction, I cannot get a result, even after restarting the indexer. The search output is the same.
The field extraction format is:
"\>(?<Failed_Reason>.*?)\<"
Any idea why this is not working?
Thanks