Solved: How to extract numbers correctly

pomazanelvira · ‎03-19-2020

Hi!
I have this field in my log: callerSipNumber="18121710_text". How should I extract "18121710" and name it "number"?
I've tried |rex field=callerSipNumber "((?)[_\w+])". But it didn't give anything. Thanks a lot!

richgalloway · ‎03-19-2020

| rex field=callerSipNumber "(?<number>\d+)" will do it.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

vnravikumar · ‎03-19-2020

Hi

Try this

| makeresults 
| eval test="callerSipNumber=\"18121710_text\"" 
| rex field=test "callerSipNumber=\"(?P<result>[\d]+)"

pomazanelvira · ‎03-19-2020

thank u for "makeresults" function

richgalloway · ‎03-19-2020

| rex field=callerSipNumber "(?<number>\d+)" will do it.

---
If this reply helps you, Karma would be appreciated.

pomazanelvira · ‎03-19-2020

thanks a lot!

How to extract numbers correctly

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation