Hello everyone,
I have a field named SQL_NAME with values as per below (I'm writing two of them):
#1(8):EMEMEB #2(14):8/3/2022 0:0:0 #3(13):Ememe Behe #4(3):409 #5(0):#1(6):TSUDE #2(14):8/1/2022 0:0:0 #3(10):Tugu Sude #4(3):411 #5(0):
and I want to extract two fields named user and name with their values in the bold strings above using regular expression. Any idea?
Thank you in advance.
Try this command.
| rex field=SQL_NAME "\d+\):(?<user>\S+).*?#3\(\d+\):(?<name>.*?)\s#"
View solution in original post
Thanks a lot! That worked like a charm! May I ask if there is any regex generator that generates the regex form from just selecting a specific text?
Splunk's Field Extractor feature will do that, but the expressions it generates are not optimal.
I have not used any other regex generators.
