Solved: Re: Extract Two Characters before last set of numb...

jenkinsta · ‎06-15-2023

Tried many variations but just cant get it right.

Example Data:
onetwoap321.site
onethreap3ua.somesite
oneforpd210.site
one3ninaw1u.site

The string may or may not have characters after the last set of numbers. There may be another number but will be seperated by at least 2 letters before the last set of numbers.

{string}{number optional}{2 letters}{number}{optional characters}{may or may not have . at end}

The two letters is what I want to capture in a field called Code.

| rex field=Name "^(?<Code>[^.]+)"

Thanks for any help.

ITWhisperer · ‎06-15-2023

| rex field=Name ".*(?<Code>[a-zA-Z]{2})\d"

View solution in original post

ITWhisperer · ‎06-15-2023

| rex field=Name ".*(?<Code>[a-zA-Z]{2})\d"

jenkinsta · ‎06-15-2023

I was so close at one point but didnt have the trailing \d. Thanks so much

How to extract two characters before last set of numbers in a string?

regex

rex

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

How to extract two characters before last set of numbers in a string?

regex

rex

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard