Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How Do I Extract The End of String
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IRHM73
Motivator
04-11-2016
11:59 PM
Hi, I wonder whether someone may be able to help me please.
From a field called 'detail.input' there are two potential outputs as shown below:
Request to /for/submissions/1234567890 and Request to /for/savedforlater/9876543210
What I'd like to do is extract the number at the end of the string.
I'd thought about using a regex, but because of the difference in the string, i.e. "submissions" as opposed to "savedforlater", I wasn't sure whether this could be done, so I wondered if I could the 'str' and 'len' commands.
I know how to omit the end of the character string, but I was wondering whether someone may be able to provide some guidance please how I can extract the end of the character string.
Many thanks and kind regards
Chris
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
javiergn
Super Champion
04-12-2016
12:15 AM
Something like this should do the trick (not tested):
rex "\/(?<mynumber>\d+)$"
If the number is not the last part of your string then I can provide something different.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
javiergn
Super Champion
04-12-2016
12:15 AM
Something like this should do the trick (not tested):
rex "\/(?<mynumber>\d+)$"
If the number is not the last part of your string then I can provide something different.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IRHM73
Motivator
04-12-2016
12:37 AM
Hi @javiergn, thank you for taking the time to reply to my post.
The solution works great, but so that I can improve my understanding, could you perhaps explain what the rex is doing?
Many thanks and kind regards
Chris
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ziegfried
Influencer
04-12-2016
01:07 AM
Check out the explanation here: https://regex101.com/r/eY4cN2/1 (tab on the right hand side)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IRHM73
Motivator
04-12-2016
01:09 AM
Ah, thanks for that @ziegfried.
Get Updates on the Splunk Community!
Splunk App for Anomaly Detection End of Life Announcment
Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
