Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Regex crash course?

Joffer
Path Finder
‎07-28-2010 10:34 AM

Can anyone recommend a good regex crash course article so I can learn how to write my (simple) whitelists and blacklists for my inputs.conf?

Reply
2 Solutions
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

View solution in original post

Reply
Solved! Jump to solution

jangid
Builder
‎06-06-2012 04:32 AM

This is also good small document to learn

http://api.ning.com/files/k-J0BUJLASFKKlDVrodtWvdSn3lDz02U5nlTTuovnU0Fjn4Gt6JNy0YjAS2sYjhC93bhNT02kD...

0 Karma
Reply
Solved! Jump to solution

Alexandre_Nizou
Explorer
‎11-01-2010 07:03 PM

If you want to test your regular expressions on the spot, use the online http://www.regexpal.com/.

Take your REGEX and copy it in the first box, take the logs you are trying to match and copy them in the second box... et voila!

0 Karma
Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎09-04-2010 10:34 PM

There's not much better on the topic than the O'Reilly book -- http://oreilly.com/catalog/9780596528126/ ... but this is not a "crash course" by any means, it is a full length discussion in great detail.

Given Splunk uses PCRE (Perl Compatible Regular Expressions) I find the "pcrepattern" man page at http://linux.die.net/man/3/pcrepattern to be a useful reference to the advanced features of PCRE.

Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:01 AM

Thanks @dwaddle - i was curious to know, what you answered - Splunk uses PCRE.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎08-12-2010 08:38 AM

For people who like books, I suggest SAM's Teach Yourself Regular Expressions in 10 Minutes (Ben Forta)

It is reviewed on the regular-expressions info site http://www.regular-expressions.info/book10mins.html

0 Karma
Reply
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

Reply
Solved! Jump to solution

Joffer
Path Finder
‎07-29-2010 07:34 AM

Sweet. RegexBuddy will probably help me alot 🙂

0 Karma
Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:04 AM

@MichaelWilde - kindly update the link, as its not opening now.

0 Karma
Reply
Solved! Jump to solution
Solution

wollinet
Path Finder
‎07-28-2010 11:05 AM

Have a look at:

http://www.regular-expressions.info/

Reply
Get Updates on the Splunk Community!

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...

Splunk Answers Content Calendar, June Edition II

Get ready to dive into Splunk Dashboard panels this week! We'll be tackling common questions around ...

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Top