Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Regex to extract parts of a string delimited by dost (.)

cindygibbs_08
Communicator
‎07-22-2021 08:21 PM

Hello my loves I have one quick question

 

Lets say I have this two strings

AUJ.UEIEJ.829839.239383

033.4788383.27383.8HJJJ

WHat would be the correct regex expression to extract ONLY string of characters after the first dot and before the second dot.. that means

from AUJ.UEIEJ.829839.239383 I want  UEIEJ
from 033.4788383.27383.8HJJJ I want   4788383

Thank you my loves for the help!

kindly,

C

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-22-2021 11:01 PM 
| rex "^[\.]+\.(?<string>[^\.]+)\."
Reply

venkatasri
SplunkTrust
SplunkTrust
‎07-22-2021 10:18 PM

Hi @cindygibbs_08 

Can you try this?

| makeresults 
| eval x="AUJ.UEIEJ.829839.239383" 
| rex field=x "\.(?<field1>.+?)\."

---

An upvote would be appreciated if this reply helps and Accept the solution!

0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎07-22-2021 10:20 PM

@cindygibbs_08  Assumed your field name as x (replace with your field name) which containing a string value. If the string is part of _raw event and not been extracted already this might not work.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Your Guide to Splunk Digital Experience Monitoring

A flawless digital experience isn't just an advantage, it's key to customer loyalty and business success. But ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...