Solved: Regex Help!

kc_prane · ‎07-22-2024

My Raw log says "message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)"

I wanted to extract everything inside the Parentheses ( )

Thanks in advance.

yuanliu · ‎07-22-2024

Like this?

| rex "message: \((?<in_parentheseses>[^\)]+)"

You can test with

| makeresults format=csv data="_raw
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)"
``` data emulation above ```
| rex "message: \((?<in_parentheses>[^\)]+)"

_raw	in_parentheses
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)	c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc

View solution in original post

kc_prane · ‎07-29-2024

Thank you for the help @yuanliu

yuanliu · ‎07-22-2024

Like this?

| rex "message: \((?<in_parentheseses>[^\)]+)"

You can test with

| makeresults format=csv data="_raw
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)"
``` data emulation above ```
| rex "message: \((?<in_parentheses>[^\)]+)"

_raw	in_parentheses
message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)	c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc

Regex Help!

field extraction

Announcing the Expansion of the Splunk Academic Alliance Program

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)