Solved: what regex command i can use in order to create a ... - Splunk Community

All Apps and Add-ons

I have a data which splunk shows, but i dont see a field for what i wanted

"ag-somethin-id":["97234d506-E0ASD-4XXX-AXX0-ASD77757"]

I need to to create a field with ag-somethin-id which should actually give me the all the values under those events and it should show something like:

97234d506-E0ASD-4XXX-AXX0-ASD77757 under this field ag-somethin-id

Till now I have tried using the below, but its not correct:

rex "ag-somethin-id[\\":](?[^\[":"])"

Please help in fixing this

1 Solution

Solution

This worked for me in regex101.com using your sample data.

rex "ag-somethin-id\":\[\"(?<somethin>[^\"]+)"

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Solution

This worked for me in regex101.com using your sample data.

rex "ag-somethin-id\":\[\"(?<somethin>[^\"]+)"

---
If this reply helps you, Karma would be appreciated.

Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0 mTLS wasn’t just a checkbox ...