Solved: Need help with a complicated field-extraction via ...

AnujaJadhav2 · ‎11-23-2017

want to extract a field in splunk however Splunk Regex won't work so I am writing my own Regex. However I am struggling to extract. Can someone please help?

My String:

Node ID=nbgcXYZdfdscxm2
Node ID=NBGDFDFCCXM2
Node ID=BURECXM2

Expected Output:

cXYZdfds
DFDFC
BURE

So far I was able to write this .*(?i)Node ID=^nbg

cpetterborg · ‎11-23-2017

This worked for me (validated using regex101.com):

(?i)Node ID=(nbg)?(?P<thing>\w+)cxm\d+

View solution in original post

cpetterborg · ‎11-23-2017

This worked for me (validated using regex101.com):

(?i)Node ID=(nbg)?(?P<thing>\w+)cxm\d+

AnujaJadhav2 · ‎11-24-2017

Just Perfect. Cannot imagine I wasted hours around this. Thank you so much.

MuS · ‎11-23-2017

Hi AnujaJadhav2,

using regex101.com I ended up with this or regex:

 Node ID=(?i:(nbg))(.+)(?i:(cxm\d))|Node ID=(.+)(?i:(cxm\d))

the capturing group (.+) gives you the required results.

I'm sure this is not the best solution regex wise and some more clever guys haver better regexes, but it gives you something to start with 🙂

cheers, MuS

AnujaJadhav2 · ‎11-24-2017

This works very well in regex101 but it needs a capturing group for extraction. Nevertheless, thank you so much for your help.

Need help with a complicated field-extraction via regex

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!