Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Regex command with eval regex-expression

kaspean
Loves-to-Learn Lots
‎03-26-2021 01:21 AM

I am beginner with splunk and want to filter the log lines with matching file name field but file name (Ex. file_name=XXXXXX.abc.XXX.20210326.XXX.txt) have date as part of its value which varies as per current day. 

I tried the below approach and it didn't help.

 index=xyz source="/logs/logfile.log"
| eval filename_expr="%abc%".strftime(now(), "%Y%m%d")."%"
| regex file_name=filename_expr
| stats count by source

Please advise.

Labels (2)
Labels
0 Karma
Reply

rnowitzki
Builder
‎03-26-2021 04:52 AM

Hi @kaspean 

Try it with where like instead of the regex command:

| where like(file_name, filename_expr)


BR
Ralph

--
Karma and/or Solution tagging appreciated.
0 Karma
Reply
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Get Updates on the Splunk Community!