
How to extract a field between two patterns in a search

Explorer

Hi,

How do I get "7515-36283" between "Result:" and "/ Value" from the following text:

Result: 75153-6283 / Value

"Result: 75153-6283 / Value" occurs multiple times with different numeric values and might have special characters.

I've tried:

... | rex field=_raw "Result: (?P<Order>[^\s]+) / Value" | table Order

It works but does not show all values in a single field. It only shows the first occurrence of the "Order".

0 Karma
1 Solution

SplunkTrust

Hi,

Can you please try this one?

 ... | rex max_match=0 field=_raw "Result: (?P<Order>[^\s]+) / Value" | table Order

Thanks


0 Karma
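The difference between the two searches in this thread, as an added example that is not part of the original posts: `rex` stops after the first match by default, while `max_match=0` keeps every match and returns `Order` as a multivalue field. The event text is a constructed sample (only the first value comes from the question), and the `FirstOnly` and `match_count` field names are hypothetical.

```spl
| makeresults
| eval _raw="Result: 75153-6283 / Value; Result: 88120-4471 / Value; Result: A#9931-0042 / Value"
| rex field=_raw "Result: (?P<FirstOnly>[^\s]+) / Value"
| rex max_match=0 field=_raw "Result: (?P<Order>[^\s]+) / Value"
| eval match_count=mvcount(Order)
| table FirstOnly Order match_count
| mvexpand Order
```

Without the final `mvexpand`, all three values sit in one multivalue `Order` cell; with it, each value gets its own row, which is easier to feed into `stats` or a lookup.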


Explorer

This worked, super thanks.

0 Karma