Synopsis

regextract (<
string_value>, <
pattern>)

Description

Examples

dataset = xdr_data 
| fields action_evtlog_message as aem 
| filter aem != null 
| alter account_name = 
    arrayindex(
        split(
            arrayindex(
                regextract(aem, "Account Name:\t\t.*\r\n")
            ,0)
        , ":")
    ,1) |
| filter account_name != null 
| limit 10