Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you create a regex expression which creates a field and returns text after a backslash?

synking
Explorer
‎10-22-2018 06:19 AM

Hey,

i need assistance in trying to figure out how to create a field and extract the text after that. I am not sure how to go about doing this. i have looked in the documentation and on here for questions that are similar, but nothing i try seems to work. Basically, in the logs I am searching, there is a string: 

SERVERNAME\USERNAME

I want to create a field called username from the above entry. There is always a space after and before those two words and always the backslash. Here is what i have so far:

rex field=_raw "SERVERNAME\\:\s+(?<USERNAME>[^\s]+)"

But, I am not sure what i am doing wrong. Any help is gladly accepted. Thanks.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎10-22-2018 06:25 AM

@synking, try this:

|rex "SERVERNAME\s\\\s(?<username>[^\s]+)"

View solution in original post

Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎10-22-2018 06:25 AM

@synking, try this:

|rex "SERVERNAME\s\\\s(?<username>[^\s]+)"
Reply
Solved! Jump to solution

synking
Explorer
‎10-22-2018 06:46 AM

Wait nvm it worked I was just putting it in the wrong field.

0 Karma
Reply
Solved! Jump to solution

synking
Explorer
‎10-22-2018 06:34 AM

Thanks but even when i try that it does not seem to work. I get the search to complete but it shows everything in every log.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...