Solved: Re: Need help with a complicated field-extraction ...

AnujaJadhav2 · ‎11-23-2017

want to extract a field in splunk however Splunk Regex won't work so I am writing my own Regex. However I am struggling to extract. Can someone please help?

My String:

Node ID=nbgcXYZdfdscxm2
Node ID=NBGDFDFCCXM2
Node ID=BURECXM2

Expected Output:

cXYZdfds
DFDFC
BURE

So far I was able to write this .*(?i)Node ID=^nbg

cpetterborg · ‎11-23-2017

This worked for me (validated using regex101.com):

(?i)Node ID=(nbg)?(?P<thing>\w+)cxm\d+

View solution in original post

cpetterborg · ‎11-23-2017

This worked for me (validated using regex101.com):

(?i)Node ID=(nbg)?(?P<thing>\w+)cxm\d+

AnujaJadhav2 · ‎11-24-2017

Just Perfect. Cannot imagine I wasted hours around this. Thank you so much.

MuS · ‎11-23-2017

Hi AnujaJadhav2,

using regex101.com I ended up with this or regex:

 Node ID=(?i:(nbg))(.+)(?i:(cxm\d))|Node ID=(.+)(?i:(cxm\d))

the capturing group (.+) gives you the required results.

I'm sure this is not the best solution regex wise and some more clever guys haver better regexes, but it gives you something to start with 🙂

cheers, MuS

AnujaJadhav2 · ‎11-24-2017

This works very well in regex101 but it needs a capturing group for extraction. Nevertheless, thank you so much for your help.

Need help with a complicated field-extraction via regex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation