Solved: Dynamically extract the field at nth position

harshal_chakran · ‎12-19-2013

Hi,
I have a log, where I want to extract some specific value. My log file sample as follows:

111,0,0,0,0,0,0,0,0,12,13,14,15,16,17,18

222,0,0,0,0,0,0,0,0,22,23,24,25,26,27,28

333,0,0,0,0,0,0,0,0,32,33,34,35,36,37,38

I want to extract the field at 12th position i.e "14" from row1, "24 from row2" and "34" from row3, and show them in list output.
I have used rex method, where I have defined "\d+" 12th times to get the value from list which makes the search query very large. Is it possible that I can dynamically assign a variable to the nth position, instead of writing "\d+" n times?

gfuente · ‎12-19-2013

You can do it this way

(\d+,){11}(?< field >\d+)

*Remove the blanks before and after the brackets

Regards

View solution in original post

gfuente · ‎12-19-2013

You can do it this way

(\d+,){11}(?< field >\d+)

*Remove the blanks before and after the brackets

Regards

Dynamically extract the field at nth position

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?