Solved: How do you use rex to slice a string up to the whi...

madisonf15 · ‎08-03-2016

I have a string called PGM_NM. The contents of PGM_NM are "AE248 \AX0\AX0". I want to use the rex function to slice the PGM_NM string to just be AE248. So essentially I want to slice the string up to the whitespace. Thanks!

muebel · ‎08-03-2016

Hi madisonf15,

This should work:

<generating search> | rex field=PGM_NM "(?<value>[\S]+)\s.*"

Please let me know if this answers your question!

View solution in original post

somesoni2 · ‎08-03-2016

Other options

your base search | eval PGM_NM=mvindex(split,PGM_NM," "),0) 

your base search | eval PGM_NM=replace(PGM_NM,"^(\S+)(.*)","\1")

muebel · ‎08-03-2016

Hi madisonf15,

This should work:

<generating search> | rex field=PGM_NM "(?<value>[\S]+)\s.*"

Please let me know if this answers your question!

madisonf15 · ‎08-03-2016

I used PGM_NM as the value and it worked perfectly. Thank you very much!

How do you use rex to slice a string up to the white space

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

How do you use rex to slice a string up to the white space

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases