I have log like: Segment 5bbdf7b8bbdd3c685a2110bf : UserMap is [512205885, 512112460, 512369891, 512316786, 58587803, 506882296]
Segment 5bbdf7b8bbdd3c685a2110bf : UserMap is [514348564, 506722271, 513844106, 513725157]
Segment 5bbdfd69bbdd3c685a21129b : UserMap is [502062935]
I want the stats where I can see number of ids in userMap with respect to the segment. like:
5bbdf7b8bbdd3c685a2110bf - 6
5bbdf7b8bbdd3c685a2110bf - 4
5bbdfd69bbdd3c685a21129b - 1
I think you can't do it all with regex, but this search should get you goingin the right direction.
<your base search> | rex "Segment (?<Segment>[^:]+)"
| rex max_match=0 "UserMap is \[(?<id>\d+)"
| idCount=mvcount(id) | table Segment idCount