Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Regex to capture below format data

Ashwini008
Communicator
‎03-04-2021 07:04 AM

Hi ,

please help me with regex expression to capture the data in below part which is in bold and underlined.

e+o.in_zpiystoc.stkdrtyini.600.1.txt.1.yyyymmddhhmmss
e+o.drlugrbuyhe.xml.1.yyyymmddhhmmss
k+d.zpiyxery.npoudatri.600.gpg.1.20210127014546.gpg
 
i need to ignore the starting x+y values and capture only the data present before dateformat and ignore everything after date(including date).
Tags (4)
0 Karma
Reply

scelikok
Influencer
‎03-04-2021 09:41 PM

Hi @Ashwini008,

Please try below;

| rex "\.(?<filename>.+)\.\d{14}"
If this reply helps you an upvote is appreciated.
Reply

manjunathmeti
Champion
‎03-04-2021 07:16 AM

Try this:

| rex \.(?<filename>.+\.\w+\.1)
0 Karma
Reply

Ashwini008
Communicator
‎03-04-2021 09:10 PM

@manjunathmeti This isn't applied to my other format files like below

c+d.zptumike.ccapd1fo.600.2.20210127020002.gpg

e+0.in_zpiyintl.truntaxi.600.1.txt.5.20210127020002.gpg

 

 

can you help with regex which applies to all the mentioned format?

 

 

0 Karma
Reply

manjunathmeti
Champion
‎03-04-2021 10:26 PM

Try this:

| rex "\.(?<filename>.+\.\w+\.\d)\."
Reply
Get Updates on the Splunk Community!