Regex help

khajaforu · ‎05-31-2018

Hey Guys,

I need help to write a regex with the name upload to pull the number 3712 from the below log where 'B Sent' is ending string for all the logs.

Upload log: Successfully sent file '\servername\Projects\Cdfad\Prod\51327426.xml' (3712 B sent)

Similarly regex with the name Download to pull the number 152 from the below log (152 B received) where B received is ending

Download log: Successfully stored file at '\servername\Projects\FOI\QA\MassUpdates\F000' (152 B received)

Thank you in advance for your help.

jconger · ‎05-31-2018

Something like this should work:

\((?<my_field>.*)\sB\ssent\)$

Explanation:

\( matches the '(' character
(?<my_field>.*) is the capture group
\s matches a space
B matches 'B'
\s matches a space
\) matches the ')' character 
$ anchors the regex to the end of the line

Similarly, this should work for your other example:

\((?<my_field>.*)\sB\sreceived\)$

Regex help

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Mile High Learning with Splunk University, Denver, Colorado

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Join the Conversation

Regex help

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Mile High Learning with Splunk University, Denver, Colorado

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0