Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Extracting numbers between words

ibekacyril
Explorer
‎03-22-2016 10:04 PM

Say I have this data:

c.i.m This is just a sample 23456 Yes it is true.

My question is how do I extract 23456 and pass it to a new field since there is no key-value pair in this scenario? I would also want to do a count on the new field.

Thanks and please I would not mind some explanation on your code too.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎03-22-2016 11:56 PM

Hi ibekacyril,

Well, the straight approach is to get only digits matching in the regex

(?<my_number>\d+)

This will create a field called my_number and you can run a stats count(my_number) on it 😉

Next example is this one:

\w+\s(?<my_number>[^\s]+)\s

That's faster but will match This and you want the numbers ... so on to the next one

(?:\w\s)+(?<my_number>\d+)\s

a non-captureing group of one and unlimited times, as many times as possible, giving back as needed [greedy]
\w match any word character [a-zA-Z0-9_] \s match any white space character [\r\n\t\f ] but this will be slower because it will need more steps to match the result you want - Hint: www.regex101.com

c\.i\.m\sThis\sis\sjust\sa\ssample\s(?<my_number>\d+)\s

almost as fast as the first one, but it take a bit more steps to match

There almost endless possibilities for regex to match, but you want the most efficient one - use regex101.com and learn how to use regex 😉

Hope this helps ...

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎03-22-2016 11:56 PM

Hi ibekacyril,

Well, the straight approach is to get only digits matching in the regex

(?<my_number>\d+)

This will create a field called my_number and you can run a stats count(my_number) on it 😉

Next example is this one:

\w+\s(?<my_number>[^\s]+)\s

That's faster but will match This and you want the numbers ... so on to the next one

(?:\w\s)+(?<my_number>\d+)\s

a non-captureing group of one and unlimited times, as many times as possible, giving back as needed [greedy]
\w match any word character [a-zA-Z0-9_] \s match any white space character [\r\n\t\f ] but this will be slower because it will need more steps to match the result you want - Hint: www.regex101.com

c\.i\.m\sThis\sis\sjust\sa\ssample\s(?<my_number>\d+)\s

almost as fast as the first one, but it take a bit more steps to match

There almost endless possibilities for regex to match, but you want the most efficient one - use regex101.com and learn how to use regex 😉

Hope this helps ...

cheers, MuS

Reply
Solved! Jump to solution

ibekacyril
Explorer
‎03-23-2016 05:53 AM

Thank you so much, especially with the regex101.com. The steps you gave equally helped.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...