Solved: Regex Help!

kc_prane · ‎07-22-2024

My Raw log says "message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)"

I wanted to extract everything inside the Parentheses ( )

Thanks in advance.

yuanliu · ‎07-22-2024

Like this?

| rex "message: \((?<in_parentheseses>[^\)]+)"

You can test with

| makeresults format=csv data="_raw
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)"
``` data emulation above ```
| rex "message: \((?<in_parentheses>[^\)]+)"

_raw	in_parentheses
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)	c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc

View solution in original post

kc_prane · ‎07-29-2024

Thank you for the help @yuanliu

yuanliu · ‎07-22-2024

Like this?

| rex "message: \((?<in_parentheseses>[^\)]+)"

You can test with

| makeresults format=csv data="_raw
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)"
``` data emulation above ```
| rex "message: \((?<in_parentheses>[^\)]+)"

_raw	in_parentheses
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)	c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc

Regex Help!

field extraction

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024