Solved: How to filter events with regex?

pjanssen007 · ‎01-27-2023

I'm trying to filter out events like the ones below using the regex expression

regex _raw!="^[A-Za-z0-9]{4}:.*$"

but its not working. Can someone help me with this?

Events

0000: 00 025e 28:0a000c5f call 0a000c5f

0000: 04 025d 14 ldnull

007a: 00 021d de:2a leave.s :0000=>01 0249 11:07 ldloc.s 07

pjanssen007 · ‎01-27-2023

When I included the | the regex expression worked

| regex _raw!="^[A-Za-z0-9]{4}:.*$"

What function does | perform?

gcusello · ‎01-27-2023

could you better describe what you mean with " its not working"

Anyway, please try this:

| regex _raw!="[A-Za-z0-9]{4}.*$"

Ciao.

Giuseppe

pjanssen007 · ‎01-27-2023

When I included the | the regex expression worked

| regex _raw!="^[A-Za-z0-9]{4}:.*$"

What function does | perform?

gcusello · ‎01-27-2023

regex is a command stats must be located after a pipe.

Does it runs?

Ciao.

Giuseppe

pjanssen007 · ‎01-27-2023

Yes, it works correctly now. Thanks for your help.

gcusello · ‎01-27-2023

good for you, see next time!

Please accept one answer for the other people of Community

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

pjanssen007 · ‎01-27-2023

By not working I mean I don't get any results.

How to filter events with regex?