Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to write regex to extract three digit numbers ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthikTIL
Path Finder
09-17-2014
09:57 PM
HI,
I have source file test.csv which has words like "abc-234 " , "456", "df 654", "er567 -ly".
In all the above words, i want to take only three digit numbers and assign to a field called "eng".
Please let me know how would be the regular expression would be?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
09-17-2014
10:49 PM
Hi karthikTIL,
use something like this:
your base search here | rex "(?<eng>\d{3})" | ...
hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
09-17-2014
10:49 PM
Hi karthikTIL,
use something like this:
your base search here | rex "(?<eng>\d{3})" | ...
hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthikTIL
Path Finder
09-17-2014
10:58 PM
HI MuS,
sorry, i forgot to add.
All my words occur after "Title #:"
e.g. Title #: df 654
so i used,
your base search here | rex "Title #:(?\d{3})" | ...
but it did not give any result
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
09-17-2014
11:17 PM
Sure this will not work, because this regex does not match and you did not specify a field name for the group.
Why didn't you try the regex I provided? This will catch all 3 digit numbers, no matter what comes before or after.
But if you really need to match only the Title #: numbers use something like this:
your base search here | rex "Title\s\#\:[\s\w\-]+(?<eng>\d{3})" | ...
and please don't use your base search here as your search, this is only a place holder 😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthikTIL
Path Finder
09-17-2014
11:51 PM
Thanks MuS, it worked now.
actually i specified field in my query earlier, but it was not displayed in my query above:)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
09-17-2014
11:53 PM
you're welcome. please mark this as answered if the provided answer was correct - thx
Get Updates on the Splunk Community!
Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...
This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...
Elevate Your Organization with Splunk’s Next Platform Evolution
Thursday, July 10, 2025 | 11AM PDT / 2PM EDT
Whether you're managing complex deployments or looking to ...
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
