Hi,

I need assistance with writing a regex that extracts all characters upto the character "_" underscore.

so, the data could look like this:

field1:

ABCD_1234234
EFG_12349879
HIJK_12349850

And I would like to only see:

ABCD
EFG
HIJK

I tired this however it is not doing the trick:

| regex field1 = "^.*?(?=\_)"

regex101 seems to show it working but ... I must be missing something when converting it into splunk.

Any help would be appreciated.

Thanks,