Solved: Re: How to extract all matching values from an ev...

john · ‎05-05-2012

Hi,

iam trying to extract certain values from my log files which i have given below
1st event
at x.x.x.x.x.x(1)
at x.x.x.x.x.x.x.x(2)
at X.x.x.x.x.x.x.x.xx(3)
...........
2nd event
at x.x.x.x.x.x(4)
at x.x.x.x.x.x.x.x(5)
at X.x.x.x.x.x.x.x.xx(6)
...............
.........
The issue iam facing is iam getting only first line of every event starting with "at", not the all lines in one event itself.I want all the values after "at" in each events"
the output iam getting is like this

x.x.x.x.x.x(1)
x.x.x.x.x.x.x.x(5)

This is the regex iam using

rex field=_raw "at\s(?.*)\s"

Ayn · ‎05-05-2012

rex only matches one time by default. This behaviour is controlled by the max_match parameter, so if you want more matches just set it to something higher:

... | rex max_match=10 field=_raw "at\s(?<value>.*?)\s"

View solution in original post

Ayn · ‎05-05-2012

rex only matches one time by default. This behaviour is controlled by the max_match parameter, so if you want more matches just set it to something higher:

... | rex max_match=10 field=_raw "at\s(?<value>.*?)\s"

john · ‎05-06-2012

Thanks Ayn,Its working fine..........

How to extract all matching values from an event using regex

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Are you a member of the Splunk Community?

How to extract all matching values from an event using regex

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x