Solved: How to extract container name and ID from a log us...

pavanmishra0102 · ‎08-31-2020

(Item Id: 45) Container Name: Abc Admin Accounts (Container Id: 19) suid=1

need to extract Container name & Container id from the above partial log posted here using regex. Kindly help. Thanks in advance

rnowitzki · ‎08-31-2020

Hi @pavanmishra0102 ,

This should do it:

Container\sName:\s(?<container_name>.*)\((?<=\()Container\sId:\s(?<container_id>\d+)\)

BR
Ralph
--
Karma and/or Solution tagging appreciated.

--
Karma and/or Solution tagging appreciated.

View solution in original post

rnowitzki · ‎08-31-2020

Hi @pavanmishra0102 ,

This should do it:

Container\sName:\s(?<container_name>.*)\((?<=\()Container\sId:\s(?<container_id>\d+)\)

BR
Ralph
--
Karma and/or Solution tagging appreciated.

--
Karma and/or Solution tagging appreciated.

isoutamo · ‎08-31-2020

Hi

this helps you:

index=_internal
| head 1
| eval _raw ="(Item Id: 45) Container Name: Abc Admin Accounts (Container Id: 19) suid=1"
| rename COMMENT "Previous sets sample data, next line select values"
| rex "Container Name: (?<CName>[^\(]+)\(Container Id: (?<CId>\d+)"

r. Ismo

How to extract container name and ID from a log using regex?

regex

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life