Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Extract Part of Field
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IRHM73
Motivator
10-27-2017
02:09 AM
Hi, I wonder whether someone could help me please.
I'm trying to extract a particular value from a field which is "file-upload-ready". I can manage to exclude the value but not to extract it.
This is and example of the data string:
/country-private/file-upload-ready/1d555d59-9b5f-4877-bc76-2597142e1964/9011be92-6a1b-46a6-9e56-48dfdbf36c24
Many thanks and kind regards
Chris
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
koshyk
Super Champion
10-27-2017
04:55 AM
hi,
Can you please try (assuming second block in your data is what you want)
|makeresults | eval myString="/country-private/file-upload-ready/1d555d59-9b5f-4877-bc76-2597142e1964/9011be92-6a1b-46a6-9e56-48dfdbf36c24"| rex field=myString "\/.+?\/(?<fileStatus>.+?)\/"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
koshyk
Super Champion
10-27-2017
04:55 AM
hi,
Can you please try (assuming second block in your data is what you want)
|makeresults | eval myString="/country-private/file-upload-ready/1d555d59-9b5f-4877-bc76-2597142e1964/9011be92-6a1b-46a6-9e56-48dfdbf36c24"| rex field=myString "\/.+?\/(?<fileStatus>.+?)\/"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IRHM73
Motivator
10-27-2017
05:11 AM
Many thanks @koshyk.
Regards
Chris
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kunalmao
Communicator
10-27-2017
02:29 AM
you can do it by using rex command,
search .... | rex field=your_field "\/(?\w+-\w+)\/"
just verify the reg ex once.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IRHM73
Motivator
10-27-2017
02:43 AM
Hi @kunalmaom thank you for this, but unfortunately this doesn't extract any data.
Many thanks and kind regards
Chris
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kunalmao
Communicator
10-27-2017
07:04 AM
obviously it won't , the regex is not correct 😛
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
