Solved: Regex help!

sumanssah · ‎06-29-2017

Hello All,

Need assistance in regex creation.

I want to remove every thing before an character.

Example:

/REGISTRY/MACHINE/Software/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects/{B4F3A835-0E21-4959-BA22-42B3008E02FF}

Want to remove every thing before "{"

And expecting the result as
{B4F3A835-0E21-4959-BA22-42B3008E02FF}

Thanks in advance.

Regards
..............SS

somesoni2 · ‎06-29-2017

In line in search you can do like this

your current search which include the fieldInFocus
| rex field=fieldInFocus mode=sed "s/^([^\{]+)(.+)/\2/g"

OR

your current search which include the fieldInFocus
| eval fieldInFocus=replace(fieldInFocus,"([^\{]+)","")

somesoni2 · ‎06-29-2017

In line in search you can do like this

your current search which include the fieldInFocus
| rex field=fieldInFocus mode=sed "s/^([^\{]+)(.+)/\2/g"

OR

your current search which include the fieldInFocus
| eval fieldInFocus=replace(fieldInFocus,"([^\{]+)","")

sumanssah · ‎06-29-2017

Thanks Soni ,

| rex field=fieldInFocus mode=sed "s/^([^{]+)(.+)/\2/g"

Work as expected 🙂

Regex help!