Some events are irregular and need to be processed with a regular expression. Here is the sample data:
2021-10-26 17:00:12 PDT sample log data from host eagle1
2021-10-26 17:00:12 PDT sample log data from host eagle2
2021-10-26 17:00:12 PDT sample log data from host eagle3
2021-10-26 17:00:12 PDT sample log data from host eagle4
Now let's look at how to do it:
Conjuring Tricks to Create New Fields
We can also use regex to conjure (or extract) fields from an event. This is serious magic, folks, so exercise it with prudence. For example, some syslog events don't have the required host field, and missing or incorrect host fields will break some reports and analysis.
In this example, we'll
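
The host extraction described above, as an added Python example that is not from the original page or from the tool it describes: it fills host from the raw line only when the field is missing, anchors the pattern so the last "from host" token wins, and accepts hostname characters only. The event shape (`_raw`, `host`), the `host_source` marker, and every event that differs from the page's sample lines are assumptions constructed for this example.

```python
import re

# Constructed sample events modeled on the page's sample lines. Each event is a
# dict with the raw line in "_raw" (a hypothetical event shape for this example).
SAMPLE_EVENTS = [
    {"_raw": "2021-10-26 17:00:12 PDT sample log data from host eagle1"},
    {"_raw": "2021-10-26 17:00:12 PDT sample log data from host eagle2", "host": ""},
    {"_raw": "2021-10-26 17:00:12 PDT sample log data from host eagle3", "host": "relay01"},
    {"_raw": "2021-10-26 17:00:12 PDT no host mentioned here"},
    {"_raw": "2021-10-26 17:00:12 PDT from host evil1 sample log data from host eagle4"},
]

# Anchored at both ends: timestamp and zone at the start, host token at the very
# end of the line. The host group accepts hostname characters only, so free text
# in the message body cannot be captured as the host value.
HOST_RE = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[A-Z]{2,5}) "
    r".*\bfrom host (?P<host>[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?)$"
)


def add_host_field(event, overwrite=False):
    """Return a copy of event with host filled in from _raw when it is missing."""
    out = dict(event)
    if out.get("host") and not overwrite:
        return out  # keep a host that is already set
    m = HOST_RE.match(out.get("_raw", ""))
    if m:
        out["host"] = m.group("host").lower()
        out["host_source"] = "regex"  # record that the value was derived
    return out  # no match: the event passes through unchanged


def process(events):
    """Apply add_host_field to every event without mutating the input list."""
    return [add_host_field(e) for e in events]


if __name__ == "__main__":
    for e in process(SAMPLE_EVENTS):
        print(e.get("host", "<none>"), "|", e["_raw"])
```

Marking derived values with `host_source` lets later reports tell a host taken from message text apart from one supplied by the sender.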