Solved: Does SEDCMD use PCRE regular expressions?

gkanapathy · ‎03-03-2010

I know that in general, regular expressions in Splunk use PCRE (or a modified PCRE for matching in props.conf source stanza headings). If I set SEDCMD in props.conf, e.g.:

SEDCMD-example = s/regex/subst/g

is the regex also PCRE? Standard sed uses grep or egrep regexes, not PCRE, so this isn't entirely clear.

Ledion_Bitincka · ‎03-15-2010

SEDCMD uses PCRE regex and thus is equivalent to sed -r

props.conf.spec
SEDCMD-<class> = <sed script>
....
* Syntax:
 * replace    - s/regex/replacement/flags
  * where regex is a perl regex (optionally containing capturing groups)
  * replacement is a string to replace the regex match, use \N for backreferences
  * flags can be either: g to replace all matches or a number to replace a specified match
 * substitute - y/string1/string2/
  * substitutes the string1[i] with string2[i]

View solution in original post

Ledion_Bitincka · ‎03-15-2010

SEDCMD uses PCRE regex and thus is equivalent to sed -r

props.conf.spec
SEDCMD-<class> = <sed script>
....
* Syntax:
 * replace    - s/regex/replacement/flags
  * where regex is a perl regex (optionally containing capturing groups)
  * replacement is a string to replace the regex match, use \N for backreferences
  * flags can be either: g to replace all matches or a number to replace a specified match
 * substitute - y/string1/string2/
  * substitutes the string1[i] with string2[i]

Does SEDCMD use PCRE regular expressions?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation