Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

regex to pull cn fields

spluser1
Loves-to-Learn
‎10-19-2023 03:02 AM

Hey everyone, 

 

I have this format - 

cn=<name>,ou=<>,ou=people,dc=<>,dc=<>,dc=<> that i'm pulling that i need to use only the cn= field. how can i do it with the regex command? is that possible?

 

thanks!!

Labels (1)
Labels
0 Karma
Reply

spluser1
Loves-to-Learn
‎10-19-2023 03:28 AM

excellent, i see it now. works perfect. thanks!

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-19-2023 03:32 AM
As it solve you problem, please accept it as Solution so other can see it later.
Happy Splunking!
0 Karma
Reply

spluser1
Loves-to-Learn
‎10-19-2023 03:20 AM

thanks for the info.

when saying your existing field you mean to put the actual field that contain the format? also is there a way to save that so i could do a stats to show the output only with the cn value?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-19-2023 03:25 AM
If you have extracted that whole value into some field (e.g. ldap_query) then use it. If that value is still in _raw then you could leave that field=xxxx part away. Just see https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rex
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-19-2023 03:15 AM

Hi

you could use this

...
| rex field=<your existing field> "cn=(?<cn>[^,]+)"

r. Ismo

PS. regex101.com is excellent place to test these! 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...