Try

The try command matches a regular expression against the input string.

Try Command Parameters

Argument	Description
`parse_from`	`start_position` - run the regular expression from the start of the input string. `last_position` - run the regular expression from the last position of the previous successful command.
`regexp`	The regular expression to match.
`add_field`	One or more fields to add to the result (only if the regular expression is successful).

Argument

Description

parse_from

start_position - run the regular expression from the start of the input string.

last_position - run the regular expression from the last position of the previous successful command.

regexp

The regular expression to match.

add_field

One or more fields to add to the result (only if the regular expression is successful).

Try Command Sample

:command (
     :cmd_name (try)
     :parse_from (start_position)
     :regexp ("([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)")
     :add_field (
             :type (index)
             :field_name (Src)
             :field_type (ipaddr)
             :field_index (1)
     )
)

In the above example, we try to match the regular expression ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+) that looks at the entire log (parse_from (start_position)) - parse from the start of the log). If the regular expression is matched, we add a source field.