Solved: Can you help me with my regex expression?

pench2k19 · ‎02-25-2019

Hi Team,

I'm struggling to get the regex expression for the following values. I want to capture the text before the first _ symbol into one field and after the _symbol value into another field. I need a common expression that works for all.

broadridge_endur_exch_trades_parent
1end_endur_exch_trades_parent
1end_endur_comp_trades_parent
1img_img_gl_000
1img_gl
1gmi_GNACMFF1
1lst_agr_trd
epx_epx_afs_file
fxcal_balance_report

I am using the following expression, but it's not working

rex field=Datafeed_name "^(?\w{3,10})_(?\w+)$"

Can you please help?

@vnravikumar @jakt54

FrankVl · ‎02-25-2019

\w includes _, that is where your attempt fails.

Try this; "^(?<field1>[^_]+)_(?<field2>\w+)$"

https://regex101.com/r/y5JIIB/1

View solution in original post

FrankVl · ‎02-25-2019

\w includes _, that is where your attempt fails.

Try this; "^(?<field1>[^_]+)_(?<field2>\w+)$"

https://regex101.com/r/y5JIIB/1

pench2k19 · ‎02-25-2019

thanks for the quick turn around mate...will check and confirm

Can you help me with my regex expression?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

Are you a member of the Splunk Community?

Can you help me with my regex expression?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!