Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Facing issues in Regex of numbers

kamal_jagga
Contributor
‎11-05-2016 12:39 PM

I have the following values in the field and need to write regex for this.
Regex :(?P\d\,\d\d\d)

Input

9
19
157
1,500

Now the issue is I don't want "," to appear in the output field.
Expected output
9
19
157
1500

I am not able to find the expression to ignore the ",".

Kindly advise.

0 Karma
Reply

gokadroid
Motivator
‎11-05-2016 12:56 PM

If you have already regexed out your number in a field say "myNumberField" or the data with "," is in "myNumberField" then can you try this which will remove the "," from the field value:

your query to return myNumberField
| rex mode=sed field=myNumberField "s/,//g"
| table myNumberField
0 Karma
Reply

kamal_jagga
Contributor
‎11-05-2016 04:09 PM

The issue is i need to write this in myscript and I can only write regex expression there. So, can't write the mode.

0 Karma
Reply

gokadroid
Motivator
‎11-05-2016 05:04 PM

what script are you writing? does that scripting means doesn't give something locally for you to capture with comma first and then replace in consecutive lines of script?
Can you paste the sample code that you have written and what are trying you achieving out of it so to see if we can help.

0 Karma
Reply

kamal_jagga
Contributor
‎11-05-2016 06:39 PM

In the script, i will be using this to get the count of the events, which is being processed further.

It is easier to write capture values before and after comma in the regex and merge and use it in the script. But since this is being used for all the sourcetypes and I don't want to update script everywhere.

I am trying to look for options where I can handle it in a single regex, just be eliminating the comma.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...