Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Regex crash course?

Joffer
Path Finder
‎07-28-2010 10:34 AM

Can anyone recommend a good regex crash course article so I can learn how to write my (simple) whitelists and blacklists for my inputs.conf?

Reply
2 Solutions
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

View solution in original post

Reply
Solved! Jump to solution

jangid
Builder
‎06-06-2012 04:32 AM

This is also good small document to learn

http://api.ning.com/files/k-J0BUJLASFKKlDVrodtWvdSn3lDz02U5nlTTuovnU0Fjn4Gt6JNy0YjAS2sYjhC93bhNT02kD...

0 Karma
Reply
Solved! Jump to solution

Alexandre_Nizou
Explorer
‎11-01-2010 07:03 PM

If you want to test your regular expressions on the spot, use the online http://www.regexpal.com/.

Take your REGEX and copy it in the first box, take the logs you are trying to match and copy them in the second box... et voila!

0 Karma
Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎09-04-2010 10:34 PM

There's not much better on the topic than the O'Reilly book -- http://oreilly.com/catalog/9780596528126/ ... but this is not a "crash course" by any means, it is a full length discussion in great detail.

Given Splunk uses PCRE (Perl Compatible Regular Expressions) I find the "pcrepattern" man page at http://linux.die.net/man/3/pcrepattern to be a useful reference to the advanced features of PCRE.

Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:01 AM

Thanks @dwaddle - i was curious to know, what you answered - Splunk uses PCRE.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎08-12-2010 08:38 AM

For people who like books, I suggest SAM's Teach Yourself Regular Expressions in 10 Minutes (Ben Forta)

It is reviewed on the regular-expressions info site http://www.regular-expressions.info/book10mins.html

0 Karma
Reply
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

Reply
Solved! Jump to solution

Joffer
Path Finder
‎07-29-2010 07:34 AM

Sweet. RegexBuddy will probably help me alot 🙂

0 Karma
Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:04 AM

@MichaelWilde - kindly update the link, as its not opening now.

0 Karma
Reply
Solved! Jump to solution
Solution

wollinet
Path Finder
‎07-28-2010 11:05 AM

Have a look at:

http://www.regular-expressions.info/

Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...