Solved: Re: Extract value from a field

verifi81 · ‎04-26-2021

Hello folks

I have a search in which I table. Here is a snippet of the results

ObjectDN _time

cn=Jane Fonda,OU=Blue,OU=Pad,OU=Circle Team,DC=circle,DC=net

2021-04-22 23:48:36

CN=Matt Cruz,OU=Blue,OU=Pad2,OU=Circle Team,DC=circle,DC=net

2021-04-22 01:07:43

If I want to extract the names contained in the CN to output to a column on it's own how would I do that?

ITWhisperer · ‎04-28-2021

| rex field=ObjectDN "(?i)CN=(?<NAMES>[^,]+)"

View solution in original post

verifi81 · ‎04-28-2021

Perfect. thank you so much.

verifi81 · ‎04-26-2021

I don't know why the question cut off. My question is, if I wanted just the CN portion of the results to display in a separate column called "NAMES", how can I do that?

ITWhisperer · ‎04-26-2021

| rex field=ObjectDN "CN=(?<NAMES>[^,]+)"

verifi81 · ‎04-28-2021

ITWhisperer, thank you so much.

In some cases the CN is lower case so it doesn't match for those entries. Is there a way to make this case insensitive?

ITWhisperer · ‎04-28-2021

| rex field=ObjectDN "(?i)CN=(?<NAMES>[^,]+)"

Extract value from a field

configuration

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application