Solved: Re: How to extract part of a text from log events?

jerin1982 · ‎08-02-2017

I am very new to regex and I need to extract anything that comes between "device_" and "_1_vol" as volume name.

"device_array02_im-wxs-vb004_p2_lun_215_1_vol
"device_array03_serverb_p2_lun_139_1_vol"

The below output is from the actual log

"Alert 0202 : The Read Latency of array Volume : device_array02_im-wxs-vb004_p2_lun_215_1_vol is at 125717.0 us"

I tried word boundaries but it's not working. Can someone please help me?

"(?P\bdevice\w+\b)_1_vol"

cmerriman · ‎08-02-2017

will something like this work?

device_(?<volumeName>.*)_1_vol

View solution in original post

bonnlbbelandres · ‎08-02-2017

Hi, I can't really provide the specific regex code for you. But just incase you find suggestions, you can try it out here: http://regexr.com/
Just paste your samples and see if their regex code works.

And since you are also starting to learn regex like me, that site also provide information on how to use regex.

View solution in original post

bonnlbbelandres · ‎08-02-2017

Hi, I can't really provide the specific regex code for you. But just incase you find suggestions, you can try it out here: http://regexr.com/
Just paste your samples and see if their regex code works.

And since you are also starting to learn regex like me, that site also provide information on how to use regex.

jerin1982 · ‎08-02-2017

Thank you. I will look into it.

cmerriman · ‎08-02-2017

will something like this work?

device_(?<volumeName>.*)_1_vol

jerin1982 · ‎08-02-2017

Thank you so much. It worked perfectly.

How to extract part of a text from log events?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms