I'm trying to use rex to extract a value from an event.
In order to avoid writing out the pattern too many times, I have decided to place the pattern inside a macro with a specified argument passed in.
First, sample data looks like this:
DataType=1, PowerMax=50, PowerMin=10
To invoke the macro, I might use a command like this:
`macFoo("PowerMax")`
and inside the macro, I want to do something like this:
... | eval re=", ".$arg1$."=(?<bar>[^,]*)" | rex field=_raw re
which i wanted to extract bar=50, but I get an error similar to this:
Error in 'rex' command: The regex 're' does not extract anything. It should specify at least one named group. Format: (?<name>...).
Help!