Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

RegEx for splitting data

Kaushaas
Explorer
‎06-12-2024 11:20 PM

Hi All,

I have a raw message which contains Action name like below :

CommBank.Api.PricingExtractor.Controllers.EventPublishController.PublishEventsToKafkaTopics (CommBank.Api.PricingExtractor)

which I  have extracted using below regular expression 

rex field=message "ActionName\\\":\\\"(?<ActionName>[^\\\"]+)"



Is there a way to extract only last part after "." and before "("   i.e "PublishEventsToKafkaTopics" just this I tried few ways but was getting error.

Any help will be appreciated
Thanks in advance

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎06-12-2024 11:58 PM

You can try this

| rex field=message "ActionName\\\":\\\"(\w+\.)*(?<ActionName>\w+)"

which will look for all package names up to the last . and then extract the class name based on \w+ rather than everything up to the final quote

If your package or class names contain chars other than \w then adjust accordingly.

View solution in original post

Reply
Solved! Jump to solution

mitcheljohns
New Member
‎06-13-2024 04:52 AM

Regular expressions (RegEx) are powerful tools for splitting data based on patterns. dish tv billing issues Use split() with a RegEx pattern to segment text into manageable components, such as dividing a string by commas or spaces. For instance, split(/[,\s]+/). Customize patterns to match specific delimiters or structures in data, ensuring accurate segmentation for tasks like parsing CSV files or extracting structured information from unformatted text.

0 Karma
Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎06-12-2024 11:58 PM

You can try this

| rex field=message "ActionName\\\":\\\"(\w+\.)*(?<ActionName>\w+)"

which will look for all package names up to the last . and then extract the class name based on \w+ rather than everything up to the final quote

If your package or class names contain chars other than \w then adjust accordingly.

Reply
Solved! Jump to solution

Kaushaas
Explorer
‎06-13-2024 03:31 AM

This worked thanks a lot

0 Karma
Reply
Solved! Jump to solution

Kaushaas
Explorer
‎06-13-2024 04:17 AM

@bowesmana  
Thanks for the solution 

| rex field=message "ActionName\\\":\\\"(\w+\.)*(?<ActionName>\w+)"

this worked tried similar thing to extract name from below url using below reg ex what did I miss it didnot work i replaced . to /? If you could ecplain to it will be helpful

URL --- /api/v1/Publish   value expected ---- Publish

| rex field=message "reqPath\\\":\\\"(\w+\/)*(?<reqPath>\w+)"

Thanks a ton in advance

0 Karma
Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎06-13-2024 06:30 PM

Try this

| rex field=message "reqPath\\\":\\\".*/(?<reqPath>\w+)"

where the .* is a greedy capture up to the final / character

0 Karma
Reply
Solved! Jump to solution

glc_slash_it
Path Finder
‎06-12-2024 11:52 PM

Hi,

try this after your rex.

 

| rex field=ActionName "\.([^\.]+)\s*\("

 

0 Karma
Reply
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...