Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

([^\/]+)\/ REGEX meaning?

Harishma
Communicator
‎11-03-2016 03:51 AM

Can someone explain me wht that simple regex means??
Sorry for this simple question but this is very new to me. I understand these..
^ --> refers to start of / position
+--> means one or more
([^\/]+)\/

But this regex matches the below CAPITAL ONES for example:

AAAA/BBBB/CCCC/hhhh
Why hhhh is not matched? If ^\/ refers to start of position of "/", why things before the last slash ie before /hhhh are matched??

Appreciate your help on this.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-03-2016 04:57 AM

Within square brackets the '^' character means 'not'. Therefore, the regex matches at least one non-slash character followed by a slash.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎11-03-2016 08:30 AM

\/ ------- will match for a "/"
^\/ ----- will match for a "/" at the beginning of the line.
[^\/] ------ ^ inside a [ ] will be for negation(opposite of). it will match for anything except a "/"
[^\/]+ ----- it will match for, one or more characters, anything except a "/"
([^\/]+)----- the rex matching should be put inside the flower bracket "( )".
([^\/]+)\/ --- the "\/" tells that, match till this "/". (it will match only AAAA or whatever before a first "/".)

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply
Solved! Jump to solution

Harishma
Communicator
‎11-04-2016 12:11 AM

Thankyuo so much 🙂 Got it ..

0 Karma
Reply
Solved! Jump to solution

lakromani
Builder
‎11-04-2016 01:14 AM

I think you do not need to escape the / inside [], so this will work as well.

([^/]+)\/
0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-03-2016 04:57 AM

Within square brackets the '^' character means 'not'. Therefore, the regex matches at least one non-slash character followed by a slash.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

Harishma
Communicator
‎11-03-2016 07:20 AM

Oh If thats the case , it should ignore AAAA and match /BBBB/CCCC/hhhh

(\/.+) would match like that right??

Whats the difference between this (\/.+) and ([^\/]+)\/

0 Karma
Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎11-03-2016 08:16 AM

You can see a lot of this at what I've saved on regex101.com

Bit by bit,

(\/.+)
\/ is an escape, forward slash. The escape says the forward slash isn't a control character, but that you instead actually want a literal forward slash. . matches any one character, and the following + says "One or more of whatever immediately preceded this". So, all together, it'll look for a forward slash then one or more "somethings" following it.

([^\/]+)\/
[^\/] says to match characters that are NOT a forward slash. [] is for a character set, but when the first character inside it is ^ it flips it to NOT that character set. Following that is + so take one or more of those. Finally, the trailing \/ says it should be followed by a forward slash.

Again the regex101 link above has this, and if you study the explanation on the left it should vaguely match what I just wrote. 🙂

Also note the parenthesis are just to group things.

Reply
Solved! Jump to solution

Harishma
Communicator
‎11-04-2016 12:09 AM

Thankyuo so much 🙂 That helped..!!

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top