Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help with regex for a highly confusing field extraction

vtsguerrero
Contributor
‎10-22-2014 05:36 AM

Hello guys!
I know Splunk has a REGEX helper, but in this case, I have an amount of data wich is almost binary, take a look at one event row:
Foreach 38 substr I should have a new extracted field and it's also important to consider these two "blank spaces" when they found else consider numbers but always in a 38 sequence starting after XX01, in the original data I don't have the ** to mark the beggining of each field, just used it to show my problem...

2014-10-2210:13:19XX01*0003 000000650000006000000000000000000004 00000000000000000000000200000000*0005 000000000000000000000005000000000007010000001700000017000000000000000000080100000024000000230000000000000000000901000000060000000600000000000000000011010000001300000011000000010000000000120100000006000000060000000000000000001301000000060000000700000001000000000013 0000000100000001000000000000000000150100000061000000610000000000000000001511000000670000006700000000000000000015 00000149000001480000000100000000

Thanks in advance if anybody has a hint on this.
Bst Rgrds!

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-22-2014 05:55 AM

Try this:

... | rex max_match=0 "[A-Z]{2}[0-9]{2}(?<sub38>([\d ]{38})" | ...

This will give you a multivalue variable with all of the matches.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...