Security

regular expression

Siddharthnegi
Contributor

Hi I want to extract highlighted part

Sep 24 10:43:25 10.82.10.245 [S=217] [BID=d57afa:30] RAISE-ALARM:acProxyConnectionLost: [KOREASBC1] Proxy Set Alarm Proxy Set 1 (PS_ITSP): Proxy lost. looking for another proxy; Severity:major; Source:Board#1/ProxyConnection#1; Unique ID:242; Additional Info1:; [Time:24-09@17:43:25.248] [63380759]
0 Karma

Thulasinathan_M
Contributor

You can use below rex. Which will fetch the highlighted context
| rex "\w+\s+\d+\s+\d{2}:\d{2}:\d{2}\s+(?<result>[^\s]+)"

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Siddharthnegi ,

please try this:

| rex "^\w+\s\d+\s\d+:\d+:\d+\s(?<ip>\d+\.\d+\.\d+\.\d+)"

that you can test at https://regex101.com/r/Ha7ifi/1

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...