Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

RegEx for splitting data

Kaushaas
Explorer
‎06-12-2024 11:20 PM

Hi All,

I have a raw message which contains Action name like below :

CommBank.Api.PricingExtractor.Controllers.EventPublishController.PublishEventsToKafkaTopics (CommBank.Api.PricingExtractor)

which I  have extracted using below regular expression 

rex field=message "ActionName\\\":\\\"(?<ActionName>[^\\\"]+)"



Is there a way to extract only last part after "." and before "("   i.e "PublishEventsToKafkaTopics" just this I tried few ways but was getting error.

Any help will be appreciated
Thanks in advance

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎06-12-2024 11:58 PM

You can try this

| rex field=message "ActionName\\\":\\\"(\w+\.)*(?<ActionName>\w+)"

which will look for all package names up to the last . and then extract the class name based on \w+ rather than everything up to the final quote

If your package or class names contain chars other than \w then adjust accordingly.

View solution in original post

Reply
Solved! Jump to solution

mitcheljohns
New Member
‎06-13-2024 04:52 AM

Regular expressions (RegEx) are powerful tools for splitting data based on patterns. dish tv billing issues Use split() with a RegEx pattern to segment text into manageable components, such as dividing a string by commas or spaces. For instance, split(/[,\s]+/). Customize patterns to match specific delimiters or structures in data, ensuring accurate segmentation for tasks like parsing CSV files or extracting structured information from unformatted text.

0 Karma
Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎06-12-2024 11:58 PM

You can try this

| rex field=message "ActionName\\\":\\\"(\w+\.)*(?<ActionName>\w+)"

which will look for all package names up to the last . and then extract the class name based on \w+ rather than everything up to the final quote

If your package or class names contain chars other than \w then adjust accordingly.

Reply
Solved! Jump to solution

Kaushaas
Explorer
‎06-13-2024 03:31 AM

This worked thanks a lot

0 Karma
Reply
Solved! Jump to solution

Kaushaas
Explorer
‎06-13-2024 04:17 AM

@bowesmana  
Thanks for the solution 

| rex field=message "ActionName\\\":\\\"(\w+\.)*(?<ActionName>\w+)"

this worked tried similar thing to extract name from below url using below reg ex what did I miss it didnot work i replaced . to /? If you could ecplain to it will be helpful

URL --- /api/v1/Publish   value expected ---- Publish

| rex field=message "reqPath\\\":\\\"(\w+\/)*(?<reqPath>\w+)"

Thanks a ton in advance

0 Karma
Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎06-13-2024 06:30 PM

Try this

| rex field=message "reqPath\\\":\\\".*/(?<reqPath>\w+)"

where the .* is a greedy capture up to the final / character

0 Karma
Reply
Solved! Jump to solution

glc_slash_it
Path Finder
‎06-12-2024 11:52 PM

Hi,

try this after your rex.

 

| rex field=ActionName "\.([^\.]+)\s*\("

 

0 Karma
Reply
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...