Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to extract language field

martin_mueller
SplunkTrust
SplunkTrust
‎11-25-2014 07:01 AM

Converted from http://answers.splunk.com/answers/193524/how-to-write-a-search-to-return-events-with-a-vari.html

Hi,

i want to extract this field language:

language:ru-ru

can you please help me what regular expression should i write?

Thanks,
Snabel

Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎11-25-2014 07:01 AM

Try this:

language:(?<language>\w+-?\w*)

In the long run you should consider setting up key-value extraction around the colon instead of the equals sign.

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎11-25-2014 07:01 AM

Try this:

language:(?<language>\w+-?\w*)

In the long run you should consider setting up key-value extraction around the colon instead of the equals sign.

Reply
Get Updates on the Splunk Community!

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...

Buttercup Games: Further Dashboarding Techniques (Part 3)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...
Top