Hi all,
I have a unique identifier in my logs that I am extracting at search time. It looks something like this:
ABC987654321
It always has 3 letters followed by 9 numbers, so I use the following regex to extract into a field called policy number (the field name is surrounded by < and >):
(?m)(?PolicyNumber[A-Z0-9]{3}d{9})
What I'm looking to do is split the policy number field that has been extracted into two parts; the PolicyNumberPrefix (ABC) and the PolicyNumberSuffix (987654321).
I've tried to extract each part separately, but have run into the issue with the PolicyNumberSuffix field detailed here. I have followed these instructions, but when searching for a specific PolicyNumberSuffix, the results take a very long time to return any results, whereas searching with the full PolicyNumber returns results instantly.
Is there a suitable transform that can split the field extraction into two parts to allow searching on each part? Or would an index time field extraction help?