Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Regex expression correction

kailun92
Communicator
‎07-07-2013 08:27 AM

I used (?i)location : (?P.+) to extract the location. But it always extract the word below it (None). Anyone knows how to solve this ? I need to extract only Choa Chu Kang.

My data is

cloudCover : 0.75
dewPoint: 21.42
humidity: 54.00
icon : partly-cloudy-day
ozone : 274.19
precipIntensity : 0.003
precipProbability : 0.04
precipType : rain
pressure : 1007.45
summary : Mostly Cloudy
temperature: 31.68
visibility : 6.21
windBearing : 139
windSpeed : 11.9
psiAverage : 19
latitude : 1.394557
longitude : 103.746396
location : Choa Chu Kang
None

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

okrabbe_splunk
Splunk Employee
Splunk Employee
‎07-07-2013 10:52 AM

You could try something like this which is a bit more explicit. 

(?im)^location\s:\s(?P<current_location>[^\n]+)

View solution in original post

Reply
Solved! Jump to solution
Solution

okrabbe_splunk
Splunk Employee
Splunk Employee
‎07-07-2013 10:52 AM

You could try something like this which is a bit more explicit. 

(?im)^location\s:\s(?P<current_location>[^\n]+)
Reply
Solved! Jump to solution

kailun92
Communicator
‎07-07-2013 05:48 PM

Thanks ! it works

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...