Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do i extract field usinng regex .

bpot
Engager
‎09-11-2020 07:12 AM

Hi all,

I'm new to splunk and i had hard time extracting fields  using regex for the following example :
Class (six, seven)

Can someone help me with the above example , i want class as a field name and six,seven as two values for the field class.

Thanks for the help in Advance.

Labels (4)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎09-11-2020 07:53 AM

| rex "Class\s+\((?<Class>[^\)]+)"

| makemv Class delim=","

| mvexpand Class

————————————
If this helps, give a like below.

View solution in original post

Reply
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎09-11-2020 07:53 AM

| rex "Class\s+\((?<Class>[^\)]+)"

| makemv Class delim=","

| mvexpand Class

————————————
If this helps, give a like below.
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎09-11-2020 10:12 AM

Good place to test these is https://regex101.com/

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...