Solved: Re: Regex expression Help pls ! urgent !

kailun92 · ‎06-21-2013

I have these fields

time : 1371877918
windBearing : 209
windSpeed : 6.34
psiAverage : 186
latitude : 1.429463
longitude : 103.835182
location : Yishun
cloudCover : 0.73
dewPoint : 69.96
humidity : 0.57
icon : partly-cloudy-day
ozone : 274.44
precipIntensity : 0
pressure : 1007.33
summary : Mostly Cloudy
temperature : 92.25

Anyone could tell me how to extract icon using regex expression ? I used this (?i)icon : (?P.+) expression but it return the bottom data also. Help pls. Thanks in advance.

starcher · ‎06-22-2013

Try changing the .+ to [^\s\n]+

View solution in original post

starcher · ‎06-22-2013

Try changing the .+ to [^\s\n]+

kailun92 · ‎06-22-2013

Thank you sooo much !!!!! love ya !

chris · ‎06-21-2013

This should work:

(?i)icon : (?P<fieldname>.+)\n

kailun92 · ‎06-22-2013

Good job !

kailun92 · ‎06-21-2013

I tried this but it still take out the value below it.

time : 1371883969
visibility : 4.67
windBearing : 201
windSpeed : 11.6
psiAverage : 184
latitude : 1.429463
longitude : 103.835182
location : Yishun
cloudCover : 0.9
dewPoint : 63.11
humidity : 0.5
icon : wind
ozone : 273.95
precipIntensity : 0
pressure : 1006.59
summary : Breezy and Mostly Cloudy
temperature : 94.24

Such as
cloudy
ozone : 273.95
precipIntensity : 0
pressure : 1006.59
summary : Breezy and Mostly Cloudy

Any more ways that will work ?

Regex expression Help pls ! urgent !

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation