Re: How to split a string into multiple fields for...

pavan_bhumanapa · ‎08-01-2014

We have a scenario where we have many domains and we want to split it accordingly . Any advice would be great help .

test_corp1_osb_tid
-> product: osb
-> environment: tid
-> region: test
-> segment: corp

proc_osb_tid
-> product: osb
-> environment: tid
-> region: us
-> segment: proc

cvs_bpel_tid
-> product: bpel
-> environment: tid
-> region: us
-> segment: cvs

martin_mueller · ‎08-01-2014

Are you looking for a rex call? Your question isn't really clear on that.

... | rex field=domain "^(?:(?<region>[^_]+)_)?(?<segment>[^_]+)_(?<product>[^_]+)_(?<environment>[^_]+)$" | eval region = coalesce(region, "us") | ...

pavan_bhumanapa · ‎08-26-2014

I am able to extract these fields using lookup.

martin_mueller · ‎08-04-2014

Regex are the way to go for extracting parts of a string.

Lookups add fields to an event based on some matching fields, similar to an SQL join.

pavan_bhumanapa · ‎08-04-2014

Do we have any other solution apart from regex? like lookups. I need to pull the values from log and split the string.

EX:

<Jul 25, 2014 9:51:25 AM MYT> <Error> <WliSbCustomResources> <aussoaditapp12.us.dell.com> <apj_corp1_osb_dit_ms2>

How to split a string into multiple fields for different domains

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

How to split a string into multiple fields for different domains

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!