Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to extract a string using regex?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
I am trying to write a regex to extract a string out an interesting field that I have already created and wanted to extract a string out by using regex.
I created a table that displays 4 different columns and from one of the column, I want to extract out "Message accepted for delivery" and put it into a new column. is there a way to do that. Much appreciate it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You sure can. But before I get into it, here's a site that can help with your regex expression extractions:
https://regex101.com/
It would be better if you supplied the whole string in the field containing "Message accepted for delivery", as well as your search, as I can better answer this question with those provided, but this rex should do the trick:
yoursearch | rex field=fieldContainingYourMessage "(?<Message1>Message accepted for delivery)"
What the search above will do will provide you with a new field called Message1 and the content/values will be "Message accepted for delivery"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You sure can. But before I get into it, here's a site that can help with your regex expression extractions:
https://regex101.com/
It would be better if you supplied the whole string in the field containing "Message accepted for delivery", as well as your search, as I can better answer this question with those provided, but this rex should do the trick:
yoursearch | rex field=fieldContainingYourMessage "(?<Message1>Message accepted for delivery)"
What the search above will do will provide you with a new field called Message1 and the content/values will be "Message accepted for delivery"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We can't help until there is sample data to test against
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you show us one sample line of your table and tell us exactly what you want to extract please?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
