Splunk Search

Is it possible to search for a specific email scheme? (not a specific string of characters)

Engager

Would it be difficult to create a rex search for an email scheme starting with alpha characters (no set amount of characters) and ending in 3 or more numbers before the "@" symbol of an email address?

If anyone knows how and can explain, that would be greatly appreciated!

0 Karma
Highlighted

Re: Is it possible to search for a specific email scheme? (not a specific string of characters)

Path Finder
Does this help ?

| makeresults
| eval email="recipient1234@gmail.com"
| rex field=email "(?<username>[A-Za-z]+\d{3,})\@(?<domain>\S+)"
| table email username domain

[A-Za-z]+\d{3,} -> will find a string with upper case or lower case characters followed by three or more numbers and will extract it to the field username

\S+ -> Captures anything but a white space  after the @ and extracts it to the dield domain