Security

extract username for element in path

kritho
Explorer

Hi,
Im new to regexes, and I'm trying to get the username field configuration to my extract-fields

source:
/u01/somedir/somedir/user1/anotherfile
/u01/somedir/somedir/user3/anotherfile2
/u01/somedir/somedir/user4/anotherfile3

I want to get the "user1|2|3" part to a username field.

Any tips?
brgds/K

Tags (1)
0 Karma

kristian_kolb
Ultra Champion

To do that inline in the search, you can use rex in the example below, look at the fourth element of the path (i.e. source);

your search | rex field=source "/([^/]+/){3}(?<username>[^/]+)"

/K

Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...