Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Regex crash course?

Joffer
Path Finder
‎07-28-2010 10:34 AM

Can anyone recommend a good regex crash course article so I can learn how to write my (simple) whitelists and blacklists for my inputs.conf?

Reply
2 Solutions
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

View solution in original post

Reply
Solved! Jump to solution

jangid
Builder
‎06-06-2012 04:32 AM

This is also good small document to learn

http://api.ning.com/files/k-J0BUJLASFKKlDVrodtWvdSn3lDz02U5nlTTuovnU0Fjn4Gt6JNy0YjAS2sYjhC93bhNT02kD...

0 Karma
Reply
Solved! Jump to solution

Alexandre_Nizou
Explorer
‎11-01-2010 07:03 PM

If you want to test your regular expressions on the spot, use the online http://www.regexpal.com/.

Take your REGEX and copy it in the first box, take the logs you are trying to match and copy them in the second box... et voila!

0 Karma
Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎09-04-2010 10:34 PM

There's not much better on the topic than the O'Reilly book -- http://oreilly.com/catalog/9780596528126/ ... but this is not a "crash course" by any means, it is a full length discussion in great detail.

Given Splunk uses PCRE (Perl Compatible Regular Expressions) I find the "pcrepattern" man page at http://linux.die.net/man/3/pcrepattern to be a useful reference to the advanced features of PCRE.

Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:01 AM

Thanks @dwaddle - i was curious to know, what you answered - Splunk uses PCRE.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎08-12-2010 08:38 AM

For people who like books, I suggest SAM's Teach Yourself Regular Expressions in 10 Minutes (Ben Forta)

It is reviewed on the regular-expressions info site http://www.regular-expressions.info/book10mins.html

0 Karma
Reply
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

Reply
Solved! Jump to solution

Joffer
Path Finder
‎07-29-2010 07:34 AM

Sweet. RegexBuddy will probably help me alot 🙂

0 Karma
Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:04 AM

@MichaelWilde - kindly update the link, as its not opening now.

0 Karma
Reply
Solved! Jump to solution
Solution

wollinet
Path Finder
‎07-28-2010 11:05 AM

Have a look at:

http://www.regular-expressions.info/

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...