Regex to capture below format data

Ashwini008 · ‎03-04-2021

Hi ,

please help me with regex expression to capture the data in below part which is in bold and underlined.

e+o.in_zpiystoc.stkdrtyini.600.1.txt.1.yyyymmddhhmmss
e+o.drlugrbuyhe.xml.1.yyyymmddhhmmss
k+d.zpiyxery.npoudatri.600.gpg.1.20210127014546.gpg

i need to ignore the starting x+y values and capture only the data present before dateformat and ignore everything after date(including date).

scelikok · ‎03-04-2021

Please try below;

| rex "\.(?<filename>.+)\.\d{14}"

If this reply helps you an upvote and "Accept as Solution" is appreciated.

manjunathmeti · ‎03-04-2021

Try this:

| rex \.(?<filename>.+\.\w+\.1)

Ashwini008 · ‎03-04-2021

@manjunathmeti This isn't applied to my other format files like below

c+d.zptumike.ccapd1fo.600.2.20210127020002.gpg

e+0.in_zpiyintl.truntaxi.600.1.txt.5.20210127020002.gpg

can you help with regex which applies to all the mentioned format?

manjunathmeti · ‎03-04-2021

Try this:

| rex "\.(?<filename>.+\.\w+\.\d)\."

Are you a member of the Splunk Community?