Solved: Need help with a complicated field-extraction via ...

AnujaJadhav2 · ‎11-23-2017

want to extract a field in splunk however Splunk Regex won't work so I am writing my own Regex. However I am struggling to extract. Can someone please help?

My String:

Node ID=nbgcXYZdfdscxm2
Node ID=NBGDFDFCCXM2
Node ID=BURECXM2

Expected Output:

cXYZdfds
DFDFC
BURE

So far I was able to write this .*(?i)Node ID=^nbg

cpetterborg · ‎11-23-2017

This worked for me (validated using regex101.com):

(?i)Node ID=(nbg)?(?P<thing>\w+)cxm\d+

View solution in original post

cpetterborg · ‎11-23-2017

This worked for me (validated using regex101.com):

(?i)Node ID=(nbg)?(?P<thing>\w+)cxm\d+

AnujaJadhav2 · ‎11-24-2017

Just Perfect. Cannot imagine I wasted hours around this. Thank you so much.

MuS · ‎11-23-2017

Hi AnujaJadhav2,

using regex101.com I ended up with this or regex:

 Node ID=(?i:(nbg))(.+)(?i:(cxm\d))|Node ID=(.+)(?i:(cxm\d))

the capturing group (.+) gives you the required results.

I'm sure this is not the best solution regex wise and some more clever guys haver better regexes, but it gives you something to start with 🙂

cheers, MuS

AnujaJadhav2 · ‎11-24-2017

This works very well in regex101 but it needs a capturing group for extraction. Nevertheless, thank you so much for your help.

Need help with a complicated field-extraction via regex

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Are you a member of the Splunk Community?

Need help with a complicated field-extraction via regex

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ