- Splunk Answers
- :
- Using Splunk
- :
- Splunk Dev
- :
- Re: Detecting different character sets in an email...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to report on emails containing subjects that are using difference character sets, such as Chinese, Russian, Greek alphabet, etc.
Is there an easy way to pull out the character encoding from the emails?
eg:
Sender: someone@somewhere.com
Sender: 你好,世界
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found a List of all languages here :
https://www.regular-expressions.info/unicode.html#prop scroll down to Unicode Scripts and Unicode Blocks.
You could use [^\p{Latin}], since everything you are looking for is non latin?!
I think thats the closest you can get, by using the rex above
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found a List of all languages here :
https://www.regular-expressions.info/unicode.html#prop scroll down to Unicode Scripts and Unicode Blocks.
You could use [^\p{Latin}], since everything you are looking for is non latin?!
I think thats the closest you can get, by using the rex above
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Would be great if you could accept and upvote the question, thank you 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI,
its a bit bulky, but wouldn´t it be working if you use your regex to find everything except chracters you have in your charset?
like
[^:.@,\s+\w+]
This is matching the chinese characters
OR
And at least for chinese there is a method to match all chracters with \p{Han}. Seems to work in splunk.
| makeresults | eval aaa="世界" | rex field=aaa (?<my_aaa>\p{Han}.*)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was an interesting approach I hadn't considered. The problem I am finding is that there seem to be lots of edge cases, such as é, í, !, ", £, $, %, ... I keep going back and finding more to exclude.
Not sure if this is the best way to do it, or if theres an alternate approach?
Join Us for Splunk University and Get Your Bootcamp Game On!
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
Announcing Scheduled Export GA for Dashboard Studio
