Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Extract string and place in new field

sogeniusio
Path Finder
‎10-12-2017 09:14 AM

Trying to extract a string into a new field. A sample of log is as follows:

productName = Special Day Argyle Socks for Men (Special Day Argyle Socks Size 10-13)

| rex "productName\s=\s(?<ProductName>\s[\w\W]+)"

Not sure where to go from here. When I test within regex101, it works just fine. But when I move to Splunk i get nothing.

Update

Added this but now it doesn't stop at a new line

| rex "productName\s=\s(?<ProductName>[\w\W]+\n)"
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sogeniusio
Path Finder
‎10-12-2017 09:48 AM

Figured it out

| rex "productName\s=\s(?<ProductName>.*)"

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sogeniusio
Path Finder
‎10-12-2017 09:48 AM

Figured it out

| rex "productName\s=\s(?<ProductName>.*)"
0 Karma
Reply
Solved! Jump to solution

cpetterborg
SplunkTrust
SplunkTrust
‎10-12-2017 11:41 AM

I've changed your comment to an answer. Please accept your answer so that it can be noted as having been answered to your satisfaction. You should earn a badge for doing so as a result. 🙂

0 Karma
Reply
Solved! Jump to solution

sogeniusio
Path Finder
‎10-12-2017 02:50 PM

Cheers, Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...