Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Regex command with eval regex-expression

kaspean
Loves-to-Learn Lots
‎03-26-2021 01:21 AM

I am beginner with splunk and want to filter the log lines with matching file name field but file name (Ex. file_name=XXXXXX.abc.XXX.20210326.XXX.txt) have date as part of its value which varies as per current day. 

I tried the below approach and it didn't help.

 index=xyz source="/logs/logfile.log"
| eval filename_expr="%abc%".strftime(now(), "%Y%m%d")."%"
| regex file_name=filename_expr
| stats count by source

Please advise.

Labels (2)
Labels
0 Karma
Reply

rnowitzki
Builder
‎03-26-2021 04:52 AM

Hi @kaspean 

Try it with where like instead of the regex command:

| where like(file_name, filename_expr)


BR
Ralph

--
Karma and/or Solution tagging appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...