Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to edit my regular expression to retrieve the first 7-8 characters of variable length strings that end with abcd.com?

christopheryu
Communicator
‎09-27-2016 12:44 PM

I am trying to extract router names from syslog messages.

Need the regular expression to get the first 7 or 8 characters of variable length strings that end with abcd.com. Example below:

tpbjm01-re0.abcd.com
xtsdjm01-re0.abcd.com
lnd2j902-re1.abcd.com
pqrjm02-re1.abcd.com
py3jm01-re1.uk.abcd.com
brhmjm02-re1.emea.abcd.com
rcnj902.abcd.com
cpzyjm01.abcd.com

So result should be:

tpbjm01
xtsdjm01
lnd2j902
pqrjm02
py3jm01
brhmjm02
rcnj902
cpzyjm01

This is supposed to be the correct regex but it is not pulling anything: 

^(?\w{7,8})(?=.*abcd.com)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

christopheryu
Communicator
‎09-28-2016 09:17 AM

Thank you for the response @rrowland . I did use regex101 in coming up with regex in my question but it does not work with splunk. I was able do it by splunk's "extract new field" and using add/remove events. Regex below:

^(?:[^:\n]*:){4}\d+\s+(?P\w+)

View solution in original post

Reply
Solved! Jump to solution
Solution

christopheryu
Communicator
‎09-28-2016 09:17 AM

Thank you for the response @rrowland . I did use regex101 in coming up with regex in my question but it does not work with splunk. I was able do it by splunk's "extract new field" and using add/remove events. Regex below:

^(?:[^:\n]*:){4}\d+\s+(?P\w+)

Reply
Solved! Jump to solution

rrowland
Explorer
‎09-27-2016 04:20 PM

Hello Christopher,

I was able to use the following on regex101.com with your data set and get your required results using the below.

([a-zA-Z0-9]{7,8})

Regards,
Rich

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...