Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to extract certain words and exclude words from string?

marinella26
Explorer
‎07-09-2023 11:05 PM

Hello,

I want to extract certain words only and exclude that comes after numbers.

ex.
Apple12ed
Apple456ppp
Orange234iw
Banana7ye

expected result:
Apple 
Orange 
Banana 

I have tried below, but the each string has different numbers and words, so the result is not correct.

| eval Fruits = substr(Fruits, 1, len(Fruits)-4)

incorrect Result:
Apple
Apple45
Orange2
Banan


Thanks in advance.

Labels (7)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-09-2023 11:23 PM

Hi @marinella26 ,

I suppose that the words to extract are in a field, so you can use the rex command to extract the word in each field, something like this:

<your_Search>
| rex field=your_field "^(?<word>[A-Za-z]*)"
| table word

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

marinella26
Explorer
‎07-09-2023 11:10 PM

There are more than 100 strings, so it is not ideal to use <eval> to create each strings.

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-09-2023 11:23 PM

Hi @marinella26 ,

I suppose that the words to extract are in a field, so you can use the rex command to extract the word in each field, something like this:

<your_Search>
| rex field=your_field "^(?<word>[A-Za-z]*)"
| table word

Ciao.

Giuseppe

Reply
Solved! Jump to solution

duesser
Path Finder
‎07-10-2023 11:50 PM

Maybe using

 

 

 

^(?P<word>[a-zA-Z]+)(?=\d)

 

 

 

would be more exact, as it does not return an empty match on strings that do not start with a letter such as "_Apple". Furthermore, it makes sure the word is followed by a digit and does not match "Apple_" for example.

Reply
Solved! Jump to solution

marinella26
Explorer
‎07-10-2023 11:38 PM

@gcusello It worked!! Thank you so much.

0 Karma
Reply
Get Updates on the Splunk Community!

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...