Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

regex to capture both fields as below

pavanbmishra
Path Finder
‎06-28-2021 03:33 AM

Hi SMEs,

Seeking help to capture below 2 strings (Only string1 & Only string1) as below in one regex

","category":"Only string1",

","category":"a1b2c3-Only string2",

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-28-2021 04:18 AM

Often helps to be clearer 😀 Will this work?

| rex "\"category\":\".*?(?<string>[^\-\"]+)\""

 

View solution in original post

Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-28-2021 04:26 AM

@pavanbmishra 

Can you please try this?

YOUR_SEARCH
 | rex field=_raw "\"category\":\"(.*\-)?(?<category>.*)\""

 

My Sample Search :

| makeresults | eval raw="\",\"category\":\"thisissomethingineedtocapture\",|\",\"category\":\"a1b2c3-thisissomethingialsoneedtocapture\",|\",\"category\":\"Only string1\",|\",\"category\":\"a1b2c3-Only string2\"," | eval raw=split(raw,"|")|mvexpand raw | rename raw as _raw
| rename comment as "Upto Now is sample data only" | rex field=_raw "\"category\":\"(.*\-)?(?<category>.*)\""


 Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

0 Karma
Reply
Solved! Jump to solution

pavanbmishra
Path Finder
‎06-28-2021 04:06 AM

Let me be more clear here

","category":"thisissomethingineedtocapture",

","category":"a1b2c3-thisissomethingialsoneedtocapture",

Here thisissomethinginnedtocapture & thisissomethingialsoneedtocapture should come in regex value. These both are strings and doesn't have any numeric value.

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-28-2021 04:18 AM

Often helps to be clearer 😀 Will this work?

| rex "\"category\":\".*?(?<string>[^\-\"]+)\""

 

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-28-2021 03:49 AM 
| rex "\"category\":\".*(?<string>Only string\d)\""
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...