Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Regex crash course?

Joffer
Path Finder
‎07-28-2010 10:34 AM

Can anyone recommend a good regex crash course article so I can learn how to write my (simple) whitelists and blacklists for my inputs.conf?

Reply
2 Solutions
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

View solution in original post

Reply
Solved! Jump to solution

jangid
Builder
‎06-06-2012 04:32 AM

This is also good small document to learn

http://api.ning.com/files/k-J0BUJLASFKKlDVrodtWvdSn3lDz02U5nlTTuovnU0Fjn4Gt6JNy0YjAS2sYjhC93bhNT02kD...

0 Karma
Reply
Solved! Jump to solution

Alexandre_Nizou
Explorer
‎11-01-2010 07:03 PM

If you want to test your regular expressions on the spot, use the online http://www.regexpal.com/.

Take your REGEX and copy it in the first box, take the logs you are trying to match and copy them in the second box... et voila!

0 Karma
Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎09-04-2010 10:34 PM

There's not much better on the topic than the O'Reilly book -- http://oreilly.com/catalog/9780596528126/ ... but this is not a "crash course" by any means, it is a full length discussion in great detail.

Given Splunk uses PCRE (Perl Compatible Regular Expressions) I find the "pcrepattern" man page at http://linux.die.net/man/3/pcrepattern to be a useful reference to the advanced features of PCRE.

Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:01 AM

Thanks @dwaddle - i was curious to know, what you answered - Splunk uses PCRE.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎08-12-2010 08:38 AM

For people who like books, I suggest SAM's Teach Yourself Regular Expressions in 10 Minutes (Ben Forta)

It is reviewed on the regular-expressions info site http://www.regular-expressions.info/book10mins.html

0 Karma
Reply
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

Reply
Solved! Jump to solution

Joffer
Path Finder
‎07-29-2010 07:34 AM

Sweet. RegexBuddy will probably help me alot 🙂

0 Karma
Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:04 AM

@MichaelWilde - kindly update the link, as its not opening now.

0 Karma
Reply
Solved! Jump to solution
Solution

wollinet
Path Finder
‎07-28-2010 11:05 AM

Have a look at:

http://www.regular-expressions.info/

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...