Hi, I have the following log statements 1.Connected to [el2me@star-mf.grgk.com:22] 2.. Connected to [ftpsergr.gregn.com:41]. UserID [egwergrwe]
From the above statements i have to exrtact userid in common.In first log statement e12me is the userid and in second log statement string following the UserID is the userid which i want to extract ie.egwergrwe
i gave the following regex to extract the userid and diplay in table as sourcetype="RSBA_LOGS-2" |rex field=_raw "(?:Connected to |UserID)?[(?<userid>S+)(?:@|])" | table userid
But it is not extracting the correct userid .Can anyone help me on the regex.