Solved: How Do I Extract The End of String

IRHM73 · ‎04-11-2016

Hi, I wonder whether someone may be able to help me please.

From a field called 'detail.input' there are two potential outputs as shown below:

Request to /for/submissions/1234567890 and Request to /for/savedforlater/9876543210

What I'd like to do is extract the number at the end of the string.

I'd thought about using a regex, but because of the difference in the string, i.e. "submissions" as opposed to "savedforlater", I wasn't sure whether this could be done, so I wondered if I could the 'str' and 'len' commands.

I know how to omit the end of the character string, but I was wondering whether someone may be able to provide some guidance please how I can extract the end of the character string.

Many thanks and kind regards

Chris

javiergn · ‎04-12-2016

Something like this should do the trick (not tested):

rex "\/(?<mynumber>\d+)$"

If the number is not the last part of your string then I can provide something different.

View solution in original post

javiergn · ‎04-12-2016

Something like this should do the trick (not tested):

rex "\/(?<mynumber>\d+)$"

If the number is not the last part of your string then I can provide something different.

IRHM73 · ‎04-12-2016

Hi @javiergn, thank you for taking the time to reply to my post.

The solution works great, but so that I can improve my understanding, could you perhaps explain what the rex is doing?

Many thanks and kind regards

Chris

ziegfried · ‎04-12-2016

Check out the explanation here: https://regex101.com/r/eY4cN2/1 (tab on the right hand side)

IRHM73 · ‎04-12-2016

Ah, thanks for that @ziegfried.

How Do I Extract The End of String

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services