Solved: Need help in extracting different format of fields

srinivas_gowda · ‎10-08-2021

Hello all,

I am extracting a field which is coming in multiple formats, however I found that once of the format is not working as expected. Details below. Please help me in extracting all of these formats without affecting others.

Example 1:(highlighted is the field I am trying to extract)

APPLICATION-MIB::evtDevice = STRING: "Server2.Application.APP.INTRANET" APPLICATION-MIB::evtComponent =

Example 2:(highlighted is the field I am trying to extract)

APPLICATION-MIB::evtDevice = STRING: "Server1" APPLICATION-MIB::evtComponent =

Example 3:(highlighted is the field I am trying to extract)

APPLICATION-MIB::evtDevice = STRING: "SG2-SWMGMT-CAT-001" APPLICATION-MIB::evtComponent =

regex used : APPLICATION-MIB::evtDevice\s+=\sSTRING:\s\"(?<source_host>\w+[a-zA-Z0-9-_]\w+)

The above regex is working for both example 1 and 2. However, for example 3 this is working only for the underlined fields and not everything highlighted.

Please help in getting this worked.

javiergn · ‎10-08-2021

Hi @srinivas_gowda , I would simply replace your regex with this:

APPLICATION-MIB::evtDevice\s+=\sSTRING:\s\"(?<source_host>[\w\-]+)

View solution in original post

javiergn · ‎10-08-2021

Hi @srinivas_gowda , I would simply replace your regex with this:

APPLICATION-MIB::evtDevice\s+=\sSTRING:\s\"(?<source_host>[\w\-]+)

Need help in extracting different format of fields

field extraction

regex

rex

subsearch

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation