Hello Expert,
I have the following text.
anything followed by anything and ended by an empty line
what is the regular expression that look familiar to you?
(space<?Total>.*)
or
(Total<?space>.*)
This is not actually my question cause it depend on the definition below wich started by look followed by familiar , but i really need to determine what character mean go till the end of a text not the end of a line
Any idea from where this is belong? It should be one character i suppose and it's C!
So see C is very difficult for a parsing language like Splunk. I just wondering if someone could help me finding this character on splunk cause i already suggested new one that doesn't work in technology maybe end of an all could be + for repeat or something like that could & be the solution for example .& , it's not a star .* what could be a bottle neck with white color , how about W as of WWW world wide web for example .W , i suppose it should be simple but as long as the wisdom have 2 spaces on the floor and on the roof , i choose to be on the roof cause this is planned. But the thing that isn't planned is your answers to this question.
Any idea what character determine the end of a text body wich is supposed to be followed by a point. .N .T .^ .G .! .@ any idea what character is it?
Many thanks and sorry if i'm bothering you with that silly question.
I need a Splunk character with an example if this is possible
sourcetype="imap" | rex field=_raw "(Total<?space>.?)"
Hark! Me thoughts begin to ponder upon your stated intentions. Hearing only wonders of Regex and Confucianism, I direct my cerebral temperament to a solution. If you wish to capture all information until a line return, try the below supposition!
sourcetype="imap" | rex field=_raw "Total(?<body>[^\r\n]+)"
Great conference presentation as well.
For that kind of heavy logs, I think you're going to need bigger artillery. Like this:
Hark! Me thoughts begin to ponder upon your stated intentions. Hearing only wonders of Regex and Confucianism, I direct my cerebral temperament to a solution. If you wish to capture all information until a line return, try the below supposition!
sourcetype="imap" | rex field=_raw "Total(?<body>[^\r\n]+)"
If I have answered your question, please accept it so others might find it useful. Thanks!
Are you parsing IMAP log data or messages in mbox format?
sourcetype="imap" | rex field=_raw "(Total?.*)$" , does dollar sign mean the beginning of an empty line or end of a text.
I need to extract with one character if possible or 2 it doesn't matter a text that contain a Total at the beginning and end it with an empty line
For example i have the text with the following:
Return the Total number of seconds contained in the duration. Equivalent to (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6 computed with true division enabled. keep it or leave it,etc
Then this text will end with an empty line where to stop.
Star mean, I think they should change the editor of comment , why answering is more sophisticated then comment section,i was trying to communicate with you by comment not by answering my own question but it seams that i use the answering editor to start the same question but with additional content. I need the till beginning of an empty line in a text character.
I'm sorry, I think you must give an example text and show exactly what words you want to capture.
rex "some initial text (?<the_rest_of_the_line>.*)$"
match any characters after your initial text until the end-of-line, and store them in a field calle 'the_rest_of_the_line'.
.* mean end of line , the star appeared as a point in my previous comment.
*
mean till the end of the line , what character mean till the end of the text and till the beginning of an empty line?
do you mean \b
as in 'boundary'? Check out;
http://gskinner.com/RegExr/
http://www.regular-expressions.info/
Yes, that was my first impression as well. Went into edit mode to see if there was anything wrong with the filtering of HTML-specific characters, but no.
Still, the crane is awesome.
i'm looking for end text symbol in regular expression , that's it. do you have an idea?
I seriously have no idea what you're asking. Nice crane though.
Can you give some sample events, and highlight the string you want to match?