Solved: Regex for fields

shugup2923 · ‎10-11-2019

Hi All,
can you please help in extracting three fields from below data using regex
Name code Type

Below are three different type of values , out of which I need to extract Name code Type

Name-1453-Users@company------- after extraction(Name=Name code=1453 Type=User)
Name-ROR444-Users@company------- after extraction(Name=Name code=ROR444 Type=User)
Name-Name-ROR444-Users@company-------- after extraction(Name=Name-Name code=ROR444 Type=User)
Name-Name-Name-Name-1435-Users@company-------- after extraction ( Name=Name-Name-Name-Name code=1435 Type=User)

ololdach · ‎10-11-2019

Hi,
rex field=_raw "^(?<Name>.*)-(?<code>\w+|\d+)-\w+@" | eval Type="User"

View solution in original post

ololdach · ‎10-11-2019

Hi,
rex field=_raw "^(?<Name>.*)-(?<code>\w+|\d+)-\w+@" | eval Type="User"

shugup2923 · ‎10-11-2019

We can't use Eval to create Type as it could be approver also

shugup2923 · ‎10-11-2019

Thannks for your help-
Final Regex
^(?.*)-(?\w+|\d+)-(?\w+)\@

Regex for fields

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Regex for fields

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...