topic Reference a regex from a source tyoe in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Reference-a-regex-from-a-source-tyoe/m-p/400142#M71270 <P>We have a dozen logs to ingest into Splunk. The log data will be obtained using regular expressions. Based on local conventions, we'll be creating a dozen source types, each named for its corresponding log.</P> <P>As it turns out, only two regular expressions are needed for the dozen logs, one regular expression for 4 of the logs, and the second regular expression for the other 8 logs. </P> <P>I don't want to copy and paste the one regular expression into 4 of the source types and the other regular expression into the other 8 source types. Instead, I want to store the two regular expressions in Splunk one time each and then reference each of the two regular expressions from the 12 source types as appropriate. </P> <P>Is there a way to store the regular expressions in Splunk one time each and then reference them from the 12 source types?</P> Thu, 30 May 2019 18:09:42 GMT williamcharlton 2019-05-30T18:09:42Z Reference a regex from a source tyoe https://community.splunk.com/t5/Getting-Data-In/Reference-a-regex-from-a-source-tyoe/m-p/400142#M71270 <P>We have a dozen logs to ingest into Splunk. The log data will be obtained using regular expressions. Based on local conventions, we'll be creating a dozen source types, each named for its corresponding log.</P> <P>As it turns out, only two regular expressions are needed for the dozen logs, one regular expression for 4 of the logs, and the second regular expression for the other 8 logs. </P> <P>I don't want to copy and paste the one regular expression into 4 of the source types and the other regular expression into the other 8 source types. Instead, I want to store the two regular expressions in Splunk one time each and then reference each of the two regular expressions from the 12 source types as appropriate. </P> <P>Is there a way to store the regular expressions in Splunk one time each and then reference them from the 12 source types?</P> Thu, 30 May 2019 18:09:42 GMT https://community.splunk.com/t5/Getting-Data-In/Reference-a-regex-from-a-source-tyoe/m-p/400142#M71270 williamcharlton 2019-05-30T18:09:42Z Re: Reference a regex from a source tyoe https://community.splunk.com/t5/Getting-Data-In/Reference-a-regex-from-a-source-tyoe/m-p/400143#M71271 <P>Simply: yes, you're looking for <A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/Knowledge/AboutSplunkregularexpressions#Modular_regular_expressions">modular regular expressions</A>. </P> <P>Skalli</P> Mon, 03 Jun 2019 06:16:28 GMT https://community.splunk.com/t5/Getting-Data-In/Reference-a-regex-from-a-source-tyoe/m-p/400143#M71271 skalliger 2019-06-03T06:16:28Z