Splunk Search

Regex help

Explorer

I am currently trying to use a regex to pick out the events with the date '2020XXXX' - I want the regex to search pick up any event date providing it does not have 'reg' following the '.' or '_' (pick out all the event dates below, except the first). How do I do this? 

Current regex: 2020\d{4}[\.\_]

List of different events\logs from the splunk search:

_20201007144100_20200416_reg.zip

_20201007103200_20201007.zip

_20201007095000_20201007.zip

_20201007092933_20201007.zip

_20201007061717_20201007_txn.zip

_20201007041719_20201007.zip

Labels (1)
0 Karma

Loves-to-Learn Lots

^_2\d*_(2)(\d*)([_\.])(?!req).*zip$

Works for all dates before year 3000

0 Karma

Explorer

Thank you for your quick response. Is it possible to expand that regex so that it picks up string without 'reg' following the '_' or '.'?

For example: 

So it would pick up:

_20201007103200_20201007.zip

but would not pick up:

_20201007144100_20200416_reg.zip

0 Karma

SplunkTrust
SplunkTrust

Hi @jboustead,

let me understand: do you want "_20201007103200_20201007.zip" and you want to exclude "_20201007144100_20200416_reg.zip", is it correct?

If this is your need, try this:

your_search
| regex "_2020\d{4}\.zip"
| ...

that you can test at https://regex101.com/r/g82uft/2

Ciao.

Giuseppe

 

 

 

0 Karma

Explorer

That is correct, however - I am also wanting to include other strings such as: 

_20201007061717_20201007_txn.zip

_20201007092933_20201007_stl.zip

Basically to include any string that does not contain _reg after the date...

0 Karma

SplunkTrust
SplunkTrust

Hi @jboustead,

please try (like the one hinted by @FritzWittwer1) someting like this:

 

your_search
| regex "_2020\d{4}([^\.]*)(?|reg)\.zip"
| ...

Ciao.

Giuseppe

 

0 Karma

SplunkTrust
SplunkTrust

Hi @jboustead,

try this regex

your_search
| regex "_2020\d{4}_|\."
| ...

that you can test at https://regex101.com/r/g82uft/1

Ciao.

Giuseppe

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!