I am using multiple capturing groups in regex and extracting the value of multiple groups to same field.
I have defined a field extraction to extract values of group1, group2 and group3 to one field ( say field1 ). Now If some data matched above regex (say group2 is matched), its value is extracted to field1. At this point I know that one of the first 3 groups matched. But is there a way to find out which group matched out of the first 3 groups? I had to extract multiple group values to a single field because all those groups can contain similar data and all the groups does not get logged in one log statement. Also there are so many capturing groups and I don't want to have separate field extraction for each group.
Assuming Splunk has the regex library configured to allow for duplicate subpattern names in a single regex (and I assume they do, but don't know this for a fact), then you could extract the field named common_name either as "a+" or "b+" -- but in the "a+" case we would also extract "unique1", and in the "b+" case we would also extract "unique2". This is taking advantage of some oddities of the regex engine.
Fun fact: This is also a semi-reasonable approach to replacing some instances of FIELDALIAS and some edge cases for EVAL
I'm dubious about your statement that you had to. It sounds like you chose to, and then you found that your choice has caused a problem you didn't anticipate.
In essence, you are probably going to have to query the field to figure out what's in it, which would be more intuitive if you just extracted it into separate fields with the similar data named similarly and the different data named differently for each potential format.