Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I extract additional fields from this source?

vinisha29
New Member
‎11-09-2017 12:16 AM

eg:
source = shuttle(Oct1-3).zip:./shuttle/5720/LOG/shuttle_log.20171002 ,shuttle_3.zip:./shuttle_3/5720/LOG/shuttle_log.20171011....etc
I want to extract folder _no : 5720

If possible please tell the regex expression to extract the fields
Pls help me.

Thanks

0 Karma
Reply

koshyk
Super Champion
‎11-09-2017 03:43 AM

Have a try regex of (Based on 5720 being the 2nd occurence in /)

(?:\/(.+?)){2}\/

https://regex101.com/r/kOJR7y/1

Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...