Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Regex for fields
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
can you please help in extracting three fields from below data using regex
Name code Type
Below are three different type of values , out of which I need to extract Name code Type
Name-1453-Users@company------- after extraction(Name=Name code=1453 Type=User)
Name-ROR444-Users@company------- after extraction(Name=Name code=ROR444 Type=User)
Name-Name-ROR444-Users@company-------- after extraction(Name=Name-Name code=ROR444 Type=User)
Name-Name-Name-Name-1435-Users@company-------- after extraction ( Name=Name-Name-Name-Name code=1435 Type=User)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
rex field=_raw "^(?<Name>.*)-(?<code>\w+|\d+)-\w+@" | eval Type="User"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
rex field=_raw "^(?<Name>.*)-(?<code>\w+|\d+)-\w+@" | eval Type="User"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We can't use Eval to create Type as it could be approver also
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thannks for your help-
Final Regex
^(?.*)-(?\w+|\d+)-(?\w+)\@
Unlock Database Monitoring with Splunk Observability Cloud
Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All
[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk
