Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to write regex to extract all values for a field at search time?

royimad
Builder
‎08-19-2014 04:10 AM

Hello Guys,

I have the following log, and i need to extract all the TagID. I have wrote this regular expression but it only extract the first TagID

| rex "(?i)(TagID){(?P\w+)}"

Tue Aug 19 2014 04:47:18,515 EDT DEBUG wmservice.business.mobilehospital - [saveDeviceRead2 - HM10042 - roy.imad] Method invoked with parameters : [username]{roy.imad}[deviceId]{HM10042}[macAddress]{XXXX-xxxxx-xxxxx-xxxxxx-xxx}[readPacket]{(TagID){E0040100206E6349}|(TagID){E0040100206E7BA7}|(TagID){E0040100206E7917}|(TagID){E0040100206E7BF7}|(TagID){E0040100206E7BAF}|(TagID){E0040100206E7967}|(TagID){E0040100206E64A1}|(TagID){E0040100206E90F4}|(TagID){E0040100206E64A9}|(TagID){E0040100206E796F}|(TagID){E0040100206E791F}|(TagID){E0040100206E90FC}}[readMode]{A}[updateEventInfo]{(Disposition){}(RGA){}(PO){}(SO){}(DetailDisposition){}(EncounterID){null}(DestinationID){}(ReturnID){null}(DispositionFlag){false}(RGAFlag){false}(POFlag){false}(SOFlag){false}(DetailDispositionFlag){false}(EncounterIDFlag){false}(DestinationIDFlag){false}(ReturnIDFlag){false}}[createAudit]{true}[auditInfo]{(EndpointID){RU00014GN1}(Signature){}(ImageSignature){null}(SignerName){null}(Comment){}}

Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎08-19-2014 04:37 AM

Hi royimad,

try something like this:

 | rex "\(TagID\)\{(?<tagid>\w+)\}"

tested and working on http://regexr.com/v1/ with your provided event example...

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎08-19-2014 04:37 AM

Hi royimad,

try something like this:

 | rex "\(TagID\)\{(?<tagid>\w+)\}"

tested and working on http://regexr.com/v1/ with your provided event example...

cheers, MuS

Reply
Solved! Jump to solution

MuS
Legend
‎08-19-2014 04:49 AM

working on that in your other question 😉 ....

Reply
Solved! Jump to solution

royimad
Builder
‎08-19-2014 04:46 AM

I just want to count the number of occurrence of the word TagID, is that feasible ?

0 Karma
Reply
Solved! Jump to solution

royimad
Builder
‎08-19-2014 04:45 AM

if i want only to count the number of occurrence of the word TagID without selecting the values how can i do that

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...