Can I match multiple patterns with regex in the sa...

sanchitguptaiit · ‎06-21-2016

I have a requirement where I need to search all logs to match a set of patterns and extract some values. Is there something in Splunk to help with same?

For eg: below are various search patterns I would like to find in logs (and there are 100s of these). If there is any match, print the value matching a regex and the pattern that was matched.

Input Patterns:

Error in CUSIP ## *([A-Za-z0-9]{9})* (Wrong model model indicatives not found)
*([A-Za-z0-9]{9})* does not have up shift cashflow, pass
CUSIP ([A-Za-z0-9]{9}) is not in input file
ValueError: Missing cashflow for scenario opt cusip ([A-Za-z0-9]{9})
ssm_id ([A-Za-z0-9]{9}). has error:.. doSetYieldCurve:ERROR: :ERROR: Cannot get rates for intex
,([A-Za-z0-9]{9}),[0-9]+ loans out of [0-9]+ were using group/deal level curves

Output:

Value        |   pattern
123456789    |    ## Error in CUSIP ## 123456789 (Wrong model model indicatives not found)
1AB456789    |    ## Error in CUSIP ## 1AB456789 (Wrong model model indicatives not found)
123456789    |   123456789   does not have up shift cashflow, pass

thanks, Sanchit

woodcock · ‎06-21-2016

See the answer here (it is complicated):

https://answers.splunk.com/answers/386488/regex-in-lookuptable.html#answer-387536

Can I match multiple patterns with regex in the same search to extract fields from logs?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Can I match multiple patterns with regex in the same search to extract fields from logs?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!