Splunk Search

How to extract part of a text from log events?

jerin1982
New Member

I am very new to regex and I need to extract anything that comes between "device_" and "_1_vol" as volume name.

"device_array02_im-wxs-vb004_p2_lun_215_1_vol"
"device_array03_serverb_p2_lun_139_1_vol"

The below output is from the actual log

"Alert 0202 : The Read Latency of array Volume : device_array02_im-wxs-vb004_p2_lun_215_1_vol is at 125717.0 us"

I tried word boundaries but it's not working. Can someone please help me?

"(?P\bdevice\w+\b)_1_vol"

bonnlbbelandres
Path Finder

Hi, I can't really provide the specific regex code for you. But just in case you find suggestions, you can try it out here: http://regexr.com/
Just paste your samples and see if their regex code works.

And since you are also starting to learn regex like me, that site also provides information on how to use regex.


jerin1982
New Member

Thank you. I will look into it.


cmerriman
Super Champion

Will something like this work?

device_(?<volumeName>.*)_1_vol

jerin1982
New Member

Thank you so much. It worked perfectly.
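
cmerriman's pattern checked against the events from the question, as an added example that is not part of the original thread. It is written in Python, so the named group is spelled `(?P<volumeName>...)`; the `STRICT` variant, the latency value in the second event, and the two-volume and fan-speed events are constructed assumptions used to show where a greedy `.*` over-captures.

```python
import re

# cmerriman's pattern, using Python's (?P<name>...) spelling of the named group.
GREEDY = re.compile(r"device_(?P<volumeName>.*)_1_vol")

# Tighter variant (an assumption, not from the thread): no whitespace inside
# the name, shortest possible match, and "_1_vol" must end the token.
STRICT = re.compile(r"device_(?P<volumeName>\S+?)_1_vol\b")

EVENTS = [
    # Alert line quoted in the question.
    "Alert 0202 : The Read Latency of array Volume : "
    "device_array02_im-wxs-vb004_p2_lun_215_1_vol is at 125717.0 us",
    # Second volume name from the question; latency value is constructed.
    "Alert 0202 : The Read Latency of array Volume : "
    "device_array03_serverb_p2_lun_139_1_vol is at 98.0 us",
    # Constructed edge case: two volumes in one event.
    "Alert 0303 : replication lag device_array02_a_lun_1_1_vol -> "
    "device_array03_b_lun_2_1_vol",
    # Constructed event with no volume at all.
    "Alert 0404 : controller fan speed low",
]


def extract(pattern, event):
    """Return every volumeName the pattern finds in one event."""
    return [m.group("volumeName") for m in pattern.finditer(event)]


if __name__ == "__main__":
    for event in EVENTS:
        print(event)
        print("  greedy:", extract(GREEDY, event))
        print("  strict:", extract(STRICT, event))
```

On single-volume events both patterns return the same name; on the two-volume event the greedy pattern returns one value spanning both names, which would end up as a bogus field value in a report or alert.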
