Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to extract a string using regex?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AbubakarShahid
New Member
03-23-2018
09:07 AM
Hello all,
I am trying to write a regex to extract a string out an interesting field that I have already created and wanted to extract a string out by using regex.
I created a table that displays 4 different columns and from one of the column, I want to extract out "Message accepted for delivery" and put it into a new column. is there a way to do that. Much appreciate it.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damiensurat
Contributor
03-23-2018
09:49 AM
You sure can. But before I get into it, here's a site that can help with your regex expression extractions:
https://regex101.com/
It would be better if you supplied the whole string in the field containing "Message accepted for delivery", as well as your search, as I can better answer this question with those provided, but this rex should do the trick:
yoursearch | rex field=fieldContainingYourMessage "(?<Message1>Message accepted for delivery)"
What the search above will do will provide you with a new field called Message1 and the content/values will be "Message accepted for delivery"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damiensurat
Contributor
03-23-2018
09:49 AM
You sure can. But before I get into it, here's a site that can help with your regex expression extractions:
https://regex101.com/
It would be better if you supplied the whole string in the field containing "Message accepted for delivery", as well as your search, as I can better answer this question with those provided, but this rex should do the trick:
yoursearch | rex field=fieldContainingYourMessage "(?<Message1>Message accepted for delivery)"
What the search above will do will provide you with a new field called Message1 and the content/values will be "Message accepted for delivery"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
skoelpin
SplunkTrust
03-23-2018
09:43 AM
We can't help until there is sample data to test against
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tiagofbmm
Influencer
03-23-2018
09:39 AM
Can you show us one sample line of your table and tell us exactly what you want to extract please?
Get Updates on the Splunk Community!
Splunk App for Anomaly Detection End of Life Announcment
Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
