Solved: Re: Need help on rex

Annna · ‎12-30-2020

wed } } }, { "S" : "12:00" } } }, "day" M" : { "close" : { "S" : "23:00" open "S" : "12:00" } } } } }, "email" : { "S" : " DHours" } } }, "email" : { "S" : " Hours" } } }]

| rex "wed.\D}.\D.\D.(?<sample>.*)DHours

i used above rex and gives the result like

{ "S" : "12:00" } } }, "day" M" : { "close" : { "S" : "23:00"open "S" : "12:00" } } } } }, "email" : { "S" : "

but i need below output

Result should be like

{ "S" : "12:00" } } }, "day" M" : { "close" : { "S" : "23:00"open "S" : "12:00" } } } } }

gcusello · ‎12-30-2020

Hi @Annna,

the results you have from your regex is the correct one for your regex, please try this:

| rex "wed.\D}.\D.\D.(?<sample>.*),\s+\"email\".*DHours"

that you can test at https://regex101.com/r/CutdeR/1

Ciao.

Giuseppe

View solution in original post

Annna · ‎12-30-2020

its working. Thank you..!!

gcusello · ‎12-30-2020

Hi @Annna,

good for you.

Ciao and happy splunking.

Giuseppe

P.S. Karma Points are appreciated 😉

gcusello · ‎12-30-2020

Hi @Annna,

the results you have from your regex is the correct one for your regex, please try this:

| rex "wed.\D}.\D.\D.(?<sample>.*),\s+\"email\".*DHours"

that you can test at https://regex101.com/r/CutdeR/1

Ciao.

Giuseppe

Need help on rex

rex

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor