Splunk Search

How to extract a number from a line of my sample data to a new field?

New Member

Hello

I have this line of data: "Found [40] settings to update" , I can search this with this regex:

regex Action="Found \[\d{1,3}\] settings to update"

I need to extract the number in a new field. Is there any way to do this?.

Thank you.

0 Karma
1 Solution

Motivator

Hello

Just use this rex command in your search string:

... | rex "Found\s\[(?<yournewfield>[^\]]*)\]" | ...

Regards

View solution in original post

Motivator

Hello

Just use this rex command in your search string:

... | rex "Found\s\[(?<yournewfield>[^\]]*)\]" | ...

Regards

View solution in original post

New Member

Work

Thank you!!.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!