Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does SEDCMD use PCRE regular expressions?

gkanapathy
Splunk Employee
Splunk Employee
‎03-03-2010 03:45 PM

I know that in general, regular expressions in Splunk use PCRE (or a modified PCRE for matching in props.conf source stanza headings). If I set SEDCMD in props.conf, e.g.:

SEDCMD-example = s/regex/subst/g

is the regex also PCRE? Standard sed uses grep or egrep regexes, not PCRE, so this isn't entirely clear.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-15-2010 10:25 PM

SEDCMD uses PCRE regex and thus is equivalent to sed -r

props.conf.spec
SEDCMD-<class> = <sed script>
....
* Syntax:
 * replace    - s/regex/replacement/flags
  * where regex is a perl regex (optionally containing capturing groups)
  * replacement is a string to replace the regex match, use \N for backreferences
  * flags can be either: g to replace all matches or a number to replace a specified match
 * substitute - y/string1/string2/
  * substitutes the string1[i] with string2[i]

View solution in original post

Reply
Solved! Jump to solution
Solution

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-15-2010 10:25 PM

SEDCMD uses PCRE regex and thus is equivalent to sed -r

props.conf.spec
SEDCMD-<class> = <sed script>
....
* Syntax:
 * replace    - s/regex/replacement/flags
  * where regex is a perl regex (optionally containing capturing groups)
  * replacement is a string to replace the regex match, use \N for backreferences
  * flags can be either: g to replace all matches or a number to replace a specified match
 * substitute - y/string1/string2/
  * substitutes the string1[i] with string2[i]
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...