Splunk Enterprise Security

I want to write a regular expression with the field; I have a field called "file_name"

mahendra559
New Member

I have a field named file_name, and that field has a value.

ex: file_name= Operating System-Linux-Server-Support-GENVE0001VA.gmail.com.au-GEN-Adm02

In this field I want to display only the value "GENVE0001VA.gmail.com.au"; I don't want the remaining value. Please let me know how to write the regex in a Splunk search query.

0 Karma

wwhite12
Path Finder

Assuming the naming convention is similar, you could try a capturing group with regex; this will just show the new field value in extracted fields or when specifically querying for the captured group.
It might look something like:

index=myindex sourcetype=myfiles 
| rex field=file_name ".+\-\w+\-\w+\-\w+\-(?<file_name>.+)\-.+"
| stats count by file_name

The regex might be a bit off, but the main focus is the capturing group (?<file_name>.+); this creates a field called file_name where the value would be GENVE0001VA.gmail.com.au.
This can also be predefined in Settings >> Fields >> Field Extractions.

0 Karma

richgalloway
SplunkTrust

Please explain how to identify the part of file_name to extract.

---
If this reply helps you, Karma would be appreciated.
0 Karma

gcusello
Esteemed Legend

Hi @mahendra559,
Is there a rule in the name of the field to extract or in the log?
E.g. it always starts with GEN, or there's always the FQDN, or the field to extract is always the part of the log between the last two "-".

In this last case try something like this:

index=your_index
| rex field=file_name "^.*-(?<file_name>[^-]*)-\w+-\w+$"
| ...

that you can test at https://regex101.com/r/XZNTeG/1

Ciao.
Giuseppe

0 Karma
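
The two patterns posted in this thread, run against the sample value from the question, as an added example that is not part of any reply. JavaScript's regex engine stands in for rex here (an assumption; both accept the `(?<name>...)` group syntax), and the hyphenated-host input and the helper names are constructed for illustration.

```javascript
// Added example: compares the two rex patterns from this thread.
// Assumption: JavaScript regex behaves like rex for these constructs.

// Sample value from the question.
const SAMPLE =
  "Operating System-Linux-Server-Support-GENVE0001VA.gmail.com.au-GEN-Adm02";

// Constructed variant: the host name itself contains a "-".
const HYPHENATED_HOST =
  "Operating System-Linux-Server-Support-GEN-VE0002.example.com-GEN-Adm02";

// Patterns copied verbatim from the two answers; the key names are hypothetical.
const PATTERNS = {
  greedyCapture: String.raw`.+\-\w+\-\w+\-\w+\-(?<file_name>.+)\-.+`,
  negatedClass: String.raw`^.*-(?<file_name>[^-]*)-\w+-\w+$`,
};

// Return the file_name capture, or null when the pattern does not match.
function extract(patternName, value) {
  const m = new RegExp(PATTERNS[patternName]).exec(value);
  return m ? m.groups.file_name : null;
}

// Run every pattern over every input and collect one row per pair.
function report(values) {
  return values.flatMap((input) =>
    Object.keys(PATTERNS).map((pattern) => ({
      pattern,
      input,
      file_name: extract(pattern, input),
    }))
  );
}

console.table(report([SAMPLE, HYPHENATED_HOST]));
```

On the sample, the greedy `.+` capture keeps the trailing `-GEN`, while the `[^-]*` capture stops at the next hyphen; on the constructed hyphenated host, `[^-]*` drops everything before the host's own hyphen, which is why the replies ask what rule identifies the part to extract.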