I am attempting to extract fields from a file that was created to be human-readable, so it has fields aligned at certain column numbers throughout. I wrote a regular expression to get a digit character at a specific column number and extract that to the lvl field. The actual expression is
This expression works without the field specification in Notepad++ for a search within the file that I'm trying to extract fields from in Splunk, but it doesn't find any suitable field values when used in the rex command or in Field Extraction. I figured this was a difference in syntax for PCRE regexes, or that there is a multiline specification that I'm missing. Adding a \m to the regex did not seem to do the trick.
SSN Emplid Employee Name Lvl Field Name Field Value Err# Error Description Resp Position
xxxxxxxxx xxxxxx Testy, Tester A 2 Organization testval 0086 Organization is blank or invalid L testval
xxxxxxxxx xxxxxx Testname, Test 2 Organization testval 0086 Organization is blank or invalid L testval
xxxxxxxxx xxxxxx Testerman, Testly 2 Organization testval 0086 Organization is blank or invalid L testval
Here is the input sample I used, and the exact expression the tester used is
Now I added the global modifier - the /g, and it did find all of the field values I was expecting. This regex still is not working in the Field Extractor or with the rex command, when I input it exactly as shown above.