Solved: Re: create a field from regex

omershira · ‎12-15-2020

Hello,

From my system I recive number of events, some of them contain a value of the letter 'c' and then 7 digits like so: 'c5426987'. I want to create a field by the name user_id that will contain that value.

I tried to use extract field and mark the value I was searching for but it got only some of the results and not all of them, the thing is that the value shows up in different ways like:

- name:c1234567

-somedata/c1234567

- login by c1234567

and I can't find a way to get them all...

I tested a regex in a website that examines regexes and it did extract what I was searching for. the regex I tested was: "/c[/d]{7}/g" and it gave the wanted results on the website.

I tried using both rex and regex commands and they didnt seem to work...

can you please help me to find the way to create the field "user_id" using that regex?

thanks!

omer shira

richgalloway · ‎12-15-2020

Try this

your search
| rex "(?<user_id>c\d{7})"

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎12-15-2020

Try this

your search
| rex "(?<user_id>c\d{7})"

---
If this reply helps you, Karma would be appreciated.

omershira · ‎12-20-2020

Yay! that's worked!

create a field from regex

administration

Analytics Workspace

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation