https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557408#M92259 <P>Often helps to be clearer&nbsp;<span class="lia-unicode-emoji" title=":grinning_face:">😀</span> Will this work?</P><LI-CODE lang="markup">| rex "\"category\":\".*?(?&lt;string&gt;[^\-\"]+)\""</LI-CODE><P>&nbsp;</P> Mon, 28 Jun 2021 11:18:07 GMT ITWhisperer 2021-06-28T11:18:07Z https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557397#M92256 <P>Hi SMEs,</P><P>Seeking help to capture below 2 strings (Only string1 &amp; Only string1) as below in one regex</P><P>","category":"Only string1",</P><P>","category":"a1b2c3-Only string2",</P> Mon, 28 Jun 2021 10:33:27 GMT https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557397#M92256 pavanbmishra 2021-06-28T10:33:27Z https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557400#M92257 <LI-CODE lang="markup">| rex "\"category\":\".*(?&lt;string&gt;Only string\d)\""</LI-CODE> Mon, 28 Jun 2021 10:49:45 GMT https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557400#M92257 ITWhisperer 2021-06-28T10:49:45Z https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557406#M92258 <P>Let me be more clear here</P><P>","category":"thisissomethingineedtocapture",</P><P>","category":"a1b2c3-thisissomethingialsoneedtocapture",</P><P>Here thisissomethinginnedtocapture &amp; thisissomethingialsoneedtocapture should come in regex value. These both are strings and doesn't have any numeric value.</P> Mon, 28 Jun 2021 11:06:10 GMT https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557406#M92258 pavanbmishra 2021-06-28T11:06:10Z https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557408#M92259 <P>Often helps to be clearer&nbsp;<span class="lia-unicode-emoji" title=":grinning_face:">😀</span> Will this work?</P><LI-CODE lang="markup">| rex "\"category\":\".*?(?&lt;string&gt;[^\-\"]+)\""</LI-CODE><P>&nbsp;</P> Mon, 28 Jun 2021 11:18:07 GMT https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557408#M92259 ITWhisperer 2021-06-28T11:18:07Z https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557409#M92260 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/196109">@pavanbmishra</a>&nbsp;</P><P>Can you please try this?</P><LI-CODE lang="markup">YOUR_SEARCH | rex field=_raw "\"category\":\"(.*\-)?(?&lt;category&gt;.*)\""</LI-CODE><P>&nbsp;</P><P><STRONG>My Sample Search :</STRONG></P><LI-CODE lang="markup">| makeresults | eval raw="\",\"category\":\"thisissomethingineedtocapture\",|\",\"category\":\"a1b2c3-thisissomethingialsoneedtocapture\",|\",\"category\":\"Only string1\",|\",\"category\":\"a1b2c3-Only string2\"," | eval raw=split(raw,"|")|mvexpand raw | rename raw as _raw | rename comment as "Upto Now is sample data only" | rex field=_raw "\"category\":\"(.*\-)?(?&lt;category&gt;.*)\""</LI-CODE><P><BR />&nbsp;Thanks<BR />KV<BR />▄︻̷̿┻̿═━一<BR /><BR />If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.</P> Mon, 28 Jun 2021 11:26:49 GMT https://community.splunk.com/t5/Getting-Data-In/regex-to-capture-both-fields-as-below/m-p/557409#M92260 kamlesh_vaghela 2021-06-28T11:26:49Z