Solved: Re: How to extract part of a text from log events?

jerin1982 · ‎08-02-2017

I am very new to regex and I need to extract anything that comes between "device_" and "_1_vol" as volume name.

"device_array02_im-wxs-vb004_p2_lun_215_1_vol
"device_array03_serverb_p2_lun_139_1_vol"

The below output is from the actual log

"Alert 0202 : The Read Latency of array Volume : device_array02_im-wxs-vb004_p2_lun_215_1_vol is at 125717.0 us"

I tried word boundaries but it's not working. Can someone please help me?

"(?P\bdevice\w+\b)_1_vol"

cmerriman · ‎08-02-2017

will something like this work?

device_(?<volumeName>.*)_1_vol

View solution in original post

bonnlbbelandres · ‎08-02-2017

Hi, I can't really provide the specific regex code for you. But just incase you find suggestions, you can try it out here: http://regexr.com/
Just paste your samples and see if their regex code works.

And since you are also starting to learn regex like me, that site also provide information on how to use regex.

View solution in original post

bonnlbbelandres · ‎08-02-2017

Hi, I can't really provide the specific regex code for you. But just incase you find suggestions, you can try it out here: http://regexr.com/
Just paste your samples and see if their regex code works.

And since you are also starting to learn regex like me, that site also provide information on how to use regex.

jerin1982 · ‎08-02-2017

Thank you. I will look into it.

cmerriman · ‎08-02-2017

will something like this work?

device_(?<volumeName>.*)_1_vol

jerin1982 · ‎08-02-2017

Thank you so much. It worked perfectly.

How to extract part of a text from log events?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases