Solved: How to write the regex to remove the filename and ...

kleckns · ‎04-03-2015

I'm trying to remove the filename from path and return path only in Splunk

example:

`C:\path\path\path\path\application.exe`

the path is variable length.

`| regex mypath="[^.*\/].*" |`

not only does my syntax for the command between splunk pipes not work, but the syntax for regex argument is incorrect as well. any help appreciated.

somesoni2 · ‎04-03-2015

Give this a try

| rex field=yourfieldname  "(?<Path>.*)\\\\"

See this runanywhere splunk search

| gentimes start=-1 | eval path="C:\path\path\path\path\application.exe" | table path | rex field=path "(?<Path>.*)\\\\"

judevine · ‎09-09-2021

You probably already have your solution in 2021, but anyway, here's a solution:

| makeresults
| eval path="/opt/splunk/etc/system/local/inputs.conf"
| eval base_path=replace(path,"\/[^\/]+\.[^\/]+$","")
| table path base_path

somesoni2 · ‎04-03-2015

Give this a try

| rex field=yourfieldname  "(?<Path>.*)\\\\"

See this runanywhere splunk search

| gentimes start=-1 | eval path="C:\path\path\path\path\application.exe" | table path | rex field=path "(?<Path>.*)\\\\"

kleckns · ‎04-03-2015

That worked. Thank you very much.

How to write the regex to remove the filename and only return the path from my data?