Splunk Search

How to trim a string to a new field

anasshsa
Engager

Hello,
I cannot figure out the syntax of the rex function. I have a field called data multiple email addresses: eample@blahblah.com. ODY=7BIT

I need to create a new field where just @blabla.com without the rest of data from the begining or the ending of the filed.

0 Karma

woodcock
Esteemed Legend

Like this:

... | rex field=data "^[^@]*@(?<capture>[^\.]+)"
0 Karma

vnravikumar
Champion
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!