Getting Data In

Regex Help

SS1
Path Finder

Hi,

I have the below log entry, can you help with the regex to extract the line in Red. The regex i have is not working properly in props.conf

 

2021-09-23 19:03:40.802 INFO 1 --- [sdgfsdgsdfgsdfg] asdfasdfasdfasfasfgfdhdfhdf : Response --> {
"claimId" : asfdasdfadf,
"claimFilerId" : "sadfasdf",
"vendorName" : "asfasfadfadf. ",
"vendorId" : "aefadf",
"vendorAddressId" : "asfafsd",
"vendorAddress" : "sdfgsdgsfg",
"preparedDate" : "09-22-2021",
"receivedDate" : "09-22-2021",
"enteredDate" : "09-22-2021",
"assignedTo" : {
"employeeId" : "sdfasdf ",
"firstName" : "asfasf",
"lastName" : "zsdfdf",
"adUserIdentifier" : "zsdfvzdv"
},
"correspondence" : {
"type" : {
"code" : 5947,
"shortName" : "EOB",
"longName" : "EOB"
},
"dispatchCode" : {
"code" : 5947,
"shortName" : "NtRqd",
"longName" : "Not Required"
},
"emailAddress" : "abcd@g.com,       dgfh@a.in"
}

0 Karma

SS1
Path Finder

you mean transforms.conf ?

Below are the two regex's i tried

[email-anonymizer]
REGEX = (^.*[^.]+)(^.*[^.]+)(?ms)(\"emailAddress\")(.*)
FORMAT = $1$2$3########
DEST_KEY = _raw

[ss-email-anonymizer]
REGEX = (^.*[^.]+)("[A-z0-9._%+-]+@[A-z0-9.-]+\.[A-z]{2,63}),\s*([A-z0-9._%+-]+@[A-z0-9.-]+\.[A-z]{2,63}")(\s.*[^.]+)
FORMAT = $1###########$4
DEST_KEY = _raw

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What regex do you have in props.conf?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...