Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Regex to extract parts of a string delimited by dost (.)

cindygibbs_08
Communicator
‎07-22-2021 08:21 PM

Hello my loves I have one quick question

 

Lets say I have this two strings

AUJ.UEIEJ.829839.239383

033.4788383.27383.8HJJJ

WHat would be the correct regex expression to extract ONLY string of characters after the first dot and before the second dot.. that means

from AUJ.UEIEJ.829839.239383 I want  UEIEJ
from 033.4788383.27383.8HJJJ I want   4788383

Thank you my loves for the help!

kindly,

C

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-22-2021 11:01 PM 
| rex "^[\.]+\.(?<string>[^\.]+)\."
Reply

venkatasri
SplunkTrust
SplunkTrust
‎07-22-2021 10:18 PM

Hi @cindygibbs_08 

Can you try this?

| makeresults 
| eval x="AUJ.UEIEJ.829839.239383" 
| rex field=x "\.(?<field1>.+?)\."

---

An upvote would be appreciated if this reply helps and Accept the solution!

0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎07-22-2021 10:20 PM

@cindygibbs_08  Assumed your field name as x (replace with your field name) which containing a string value. If the string is part of _raw event and not been extracted already this might not work.

 

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...