Solved: Reference a regex from a source tyoe

williamcharlton · ‎05-30-2019

We have a dozen logs to ingest into Splunk. The log data will be obtained using regular expressions. Based on local conventions, we'll be creating a dozen source types, each named for its corresponding log.

As it turns out, only two regular expressions are needed for the dozen logs, one regular expression for 4 of the logs, and the second regular expression for the other 8 logs.

I don't want to copy and paste the one regular expression into 4 of the source types and the other regular expression into the other 8 source types. Instead, I want to store the two regular expressions in Splunk one time each and then reference each of the two regular expressions from the 12 source types as appropriate.

Is there a way to store the regular expressions in Splunk one time each and then reference them from the 12 source types?

skalliger · ‎06-02-2019

Simply: yes, you're looking for modular regular expressions.

Skalli

View solution in original post

skalliger · ‎06-02-2019

Simply: yes, you're looking for modular regular expressions.

Skalli

Reference a regex from a source tyoe

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

Reference a regex from a source tyoe

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...