Splunk Enterprise Security

Can you help me come up with the regex to extract multiple format events?

nagaraju_chitta
Path Finder
  1. 2018-09-28 14:33:23,Virus found,IP Address: 127.0.0.1,csk name: abcd01

  2. 2018-09-25T09:07:02.240377+00:00 0.0.0.0 Sep 25 16:57:46 host01 Server: Virus found,IP Address: 127.0.0.1,csk name: C8106557

  3. 2018-10-18T01:23:18.692712+00:00 0.0.0.0 Oct 18 09:20:48 host01 Server: Actual Risk found,IP Address: 127.0.0.1,csk name: sN105981

  4. 2018-10-18T00:58:14.244048+00:00 0.0.0.0 Oct 18 08:55:28 Host1 Server: Normal Risk found,IP Address: 127.0.0.1,csk name: N105981

From the above 4 events, I would like to pick the hi-lighted string (mentioned below) using regex. Any idea?

Virus
Virus
Actual Risk
Normal Risk

0 Karma
1 Solution

FrankVl
Ultra Champion

Try the following regex: (?<field1>\w[\w\s]+)\sfound
https://regex101.com/r/f0loQG/1

View solution in original post

0 Karma

FrankVl
Ultra Champion

Try the following regex: (?<field1>\w[\w\s]+)\sfound
https://regex101.com/r/f0loQG/1

0 Karma

nagaraju_chitta
Path Finder

Thank you!!! saved my time 🙂

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...