Re: How to split a string into multiple fields for...

pavan_bhumanapa · ‎08-01-2014

We have a scenario where we have many domains and we want to split it accordingly . Any advice would be great help .

test_corp1_osb_tid
-> product: osb
-> environment: tid
-> region: test
-> segment: corp

proc_osb_tid
-> product: osb
-> environment: tid
-> region: us
-> segment: proc

cvs_bpel_tid
-> product: bpel
-> environment: tid
-> region: us
-> segment: cvs

martin_mueller · ‎08-01-2014

Are you looking for a rex call? Your question isn't really clear on that.

... | rex field=domain "^(?:(?<region>[^_]+)_)?(?<segment>[^_]+)_(?<product>[^_]+)_(?<environment>[^_]+)$" | eval region = coalesce(region, "us") | ...

pavan_bhumanapa · ‎08-26-2014

I am able to extract these fields using lookup.

martin_mueller · ‎08-04-2014

Regex are the way to go for extracting parts of a string.

Lookups add fields to an event based on some matching fields, similar to an SQL join.

pavan_bhumanapa · ‎08-04-2014

Do we have any other solution apart from regex? like lookups. I need to pull the values from log and split the string.

EX:

<Jul 25, 2014 9:51:25 AM MYT> <Error> <WliSbCustomResources> <aussoaditapp12.us.dell.com> <apj_corp1_osb_dit_ms2>

How to split a string into multiple fields for different domains

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Are you a member of the Splunk Community?

How to split a string into multiple fields for different domains

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk