Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

How can I extract additional fields from this source?

vinisha29
New Member
โ€Ž11-09-2017 12:16 AM

eg:
source = shuttle(Oct1-3).zip:./shuttle/5720/LOG/shuttlelog.20171002 ,shuttle3.zip:./shuttle3/5720/LOG/shuttlelog.20171011....etc
I want to extract folder _no : 5720

If possible please tell the regex expression to extract the fields
Pls help me.

Thanks

0 Karma
Reply

koshyk
Super Champion
โ€Ž11-09-2017 03:43 AM

Have a try regex of (Based on 5720 being the 2nd occurence in /)

(?:\/(.+?)){2}\/

https://regex101.com/r/kOJR7y/1

Reply