All Apps and Add-ons

what is the reverse of an end call ?

Builder

Hello Expert,

I have the following text.
anything followed by anything and ended by an empty line
what is the regular expression that look familiar to you?

(space<?Total>.*)

or

(Total<?space>.*)

This is not actually my question cause it depend on the definition below wich started by look followed by familiar , but i really need to determine what character mean go till the end of a text not the end of a line

Any idea from where this is belong? It should be one character i suppose and it's C!
So see C is very difficult for a parsing language like Splunk. I just wondering if someone could help me finding this character on splunk cause i already suggested new one that doesn't work in technology maybe end of an all could be + for repeat or something like that could & be the solution for example .& , it's not a star .* what could be a bottle neck with white color , how about W as of WWW world wide web for example .W , i suppose it should be simple but as long as the wisdom have 2 spaces on the floor and on the roof , i choose to be on the roof cause this is planned. But the thing that isn't planned is your answers to this question.

Any idea what character determine the end of a text body wich is supposed to be followed by a point. .N .T .^ .G .! .@ any idea what character is it?

Many thanks and sorry if i'm bothering you with that silly question.

I need a Splunk character with an example if this is possible
sourcetype="imap" | rex field=_raw "(Total<?space>.?)"
alt text

1 Solution

SplunkTrust
SplunkTrust

Hark! Me thoughts begin to ponder upon your stated intentions. Hearing only wonders of Regex and Confucianism, I direct my cerebral temperament to a solution. If you wish to capture all information until a line return, try the below supposition!

sourcetype="imap" | rex field=_raw "Total(?<body>[^\r\n]+)"

alt text

View solution in original post

Engager

Great conference presentation as well.

0 Karma

Ultra Champion

For that kind of heavy logs, I think you're going to need bigger artillery. Like this:

http://cdn1.flipacars.com/pics/04/67/krupp-bagger_0e234.jpg

SplunkTrust
SplunkTrust

Hark! Me thoughts begin to ponder upon your stated intentions. Hearing only wonders of Regex and Confucianism, I direct my cerebral temperament to a solution. If you wish to capture all information until a line return, try the below supposition!

sourcetype="imap" | rex field=_raw "Total(?<body>[^\r\n]+)"

alt text

View solution in original post

SplunkTrust
SplunkTrust

If I have answered your question, please accept it so others might find it useful. Thanks!

Splunk Employee
Splunk Employee

Are you parsing IMAP log data or messages in mbox format?

0 Karma

Builder

sourcetype="imap" | rex field=_raw "(Total?.*)$" , does dollar sign mean the beginning of an empty line or end of a text.

I need to extract with one character if possible or 2 it doesn't matter a text that contain a Total at the beginning and end it with an empty line

For example i have the text with the following:
Return the Total number of seconds contained in the duration. Equivalent to (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6 computed with true division enabled. keep it or leave it,etc

Then this text will end with an empty line where to stop.

0 Karma

Builder

Star mean, I think they should change the editor of comment , why answering is more sophisticated then comment section,i was trying to communicate with you by comment not by answering my own question but it seams that i use the answering editor to start the same question but with additional content. I need the till beginning of an empty line in a text character.

0 Karma

Ultra Champion

I'm sorry, I think you must give an example text and show exactly what words you want to capture.

0 Karma

Ultra Champion

rex "some initial text (?<the_rest_of_the_line>.*)$"

match any characters after your initial text until the end-of-line, and store them in a field calle 'the_rest_of_the_line'.

0 Karma

Builder

.* mean end of line , the star appeared as a point in my previous comment.

0 Karma

Builder

* mean till the end of the line , what character mean till the end of the text and till the beginning of an empty line?

0 Karma

Ultra Champion

do you mean \b as in 'boundary'? Check out;
http://gskinner.com/RegExr/
http://www.regular-expressions.info/

0 Karma

Ultra Champion

Yes, that was my first impression as well. Went into edit mode to see if there was anything wrong with the filtering of HTML-specific characters, but no.

Still, the crane is awesome.

Builder

i'm looking for end text symbol in regular expression , that's it. do you have an idea?

0 Karma

Builder

I seriously have no idea what you're asking. Nice crane though.

Can you give some sample events, and highlight the string you want to match?