Re: How to write the regex to extract this field?

splunker9999 · ‎07-19-2016

Hi ,

Can someone please suggest the regex for this field extraction?

We need to extract de from below context with field as Name:

csc-3.0.1/r1_de_ *:1012

Thanks

gabriel_vasseur · ‎07-20-2016

It would help if you could provide many examples of the data, so that we can understand what's variable and what's always the same, as that is key to design a good regex.

sundareshr · ‎07-19-2016

Try this

.. | rex "_(?<Name>\w+)_" | ...

*OR*

.. | rex "_(?<Name>\w{2})_" | ...

skoelpin · ‎07-19-2016

Hey @splunker9999 This will work. The way I learned it was by going to regex101.com and pasting the text and writing regex to make it work

(?<=r1\_)de

splunker9999 · ‎07-19-2016

Hi , This doesn't works.

I used below
^[^/\n]*/\w+\d+_(?P[a-z]+)

Thanks

skoelpin · ‎07-19-2016

I forgot to mention that the point of regular expressions is to match patterns so if you had any other text than "r1_de" then it will not pick it up. Instead the regex should look like the one below, where it will pick up on digits and letters rather than hardcoded values

(?<=\w\_)\w{2}

How to write the regex to extract this field?

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

How to write the regex to extract this field?

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard