Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to write regex to capture Windows 7 only?

biswa2112
Engager
‎08-05-2022 09:52 AM

Hi all,

I need to get the value Windows 7 from the below string . used something like OS[\n]+([^\n]+) , but then it captures from Value till Windows 7.  Could someone please help me in capturing only windows 7?

DeviceProperties: [ [-]
{ [-]
Name: OS
Value: Windows 7 

 

 

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martinpu
Communicator
‎08-05-2022 10:02 AM 
|rex "OS\s*Value:\s*(?<OS>[^\n]+)"

Should work, it extracts the value after keywords OS\s*Value: until new line

 

View solution in original post

Reply
Solved! Jump to solution
Solution

martinpu
Communicator
‎08-05-2022 10:02 AM 
|rex "OS\s*Value:\s*(?<OS>[^\n]+)"

Should work, it extracts the value after keywords OS\s*Value: until new line

 

Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...