Solved: Can you help me come up with a regex expression wh...

samwatson45 · ‎09-21-2018

Hi,

I have a field which produces a value like this example: DB=HR_10_7_3043_TGTHRLIVE
I am trying extract the number and write it in the following way: DB_Version=10.7.3043
How do I get Splunk to cut off before and after the number and then replace the _ with .

Note: The strings before and after the numbers can vary in length, and the number can vary too.

Many thanks,
Sam

493669 · ‎09-21-2018

Hi @samwatson45 ,
try this run anywhere search:

|makeresults|eval DB="HR_10_7_3043_TGTHRLIVE"|rex field=DB "^[A-Za-z]+_(?<DB_Version>\w+)_\w+"| eval DB_Version=replace(DB_Version,"_",".")

View solution in original post

493669 · ‎09-21-2018

Hi @samwatson45 ,
try this run anywhere search:

|makeresults|eval DB="HR_10_7_3043_TGTHRLIVE"|rex field=DB "^[A-Za-z]+_(?<DB_Version>\w+)_\w+"| eval DB_Version=replace(DB_Version,"_",".")

samwatson45 · ‎09-21-2018

Perfect thank you 🙂

Can you help me come up with a regex expression which would extract a number from a string?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?