Logger contains below data
Total number data found for processing: [7810]
Trying
index=my_index "Total number data found for processing *" |rex "processing: [(?<Num>[^\\d]+)]" | timechart values(Num) as Records span=60min
Not getting 7810
Can anyone guide me?
I see two issues. They may be real or they may be artifacts from writing the question.
The first is the string in the base search does not match the sample event. There is no space after "processing" in the event so there should not be one in the base search.
The second issue is the expression in the rex command doesn't match the data. The left bracket should be escaped. The expression is trying to match anything that is not a backslash or the letter d, which probably is not the intent.
index=my_index "Total number data found for processing*"
| rex "processing: \[(?<Num>\d+)"
| timechart values(Num) as Records span=60min