How to extract complete string using regular expre...

Nith1 · ‎06-15-2021

Hi TEam

I have the below data in the logs how can i extract the complete string using regular expression .

4678-business-release-${table.date}-292_(2)
6789-business-release-06102021-292

I have tried using

| rex field=_raw "deploy_release\=(?<Deploy_Release>.[^\n][a-z0-9#][^\n])"

But i could get only the first values (i.e) 4678 and 6789 but not the completed string .Can someone please correct me

Thanks

kamlesh_vaghela · ‎06-15-2021

@Nith1

Can you please share your expected OP from you sample event?

Meanwhile can you please try this?

| rex field=_raw "deploy_release\=(?<Deploy_Release>.[^\n].*)"

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

ITWhisperer · ‎06-15-2021

| rex field=_raw "deploy_release\=(?<Deploy_Release>.*?)"

Can you share the full event as you might be able to do this a different way if the deploy_release field is not the remainder of the line and is delimited by a space for example

| rex field=_raw "deploy_release\=(?<Deploy_Release>[^\s]+)"

How to extract complete string using regular expression

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

How to extract complete string using regular expression

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases