Splunk Search

Regex to extract parts of a string delimited by dots (.)

cindygibbs_08
Communicator

Hello my loves I have one quick question

 

Let's say I have these two strings

AUJ.UEIEJ.829839.239383

033.4788383.27383.8HJJJ

What would be the correct regex expression to extract ONLY the string of characters after the first dot and before the second dot? That means

from AUJ.UEIEJ.829839.239383 I want  UEIEJ
from 033.4788383.27383.8HJJJ I want   4788383

Thank you my loves for the help!

kindly,

C

0 Karma

ITWhisperer
SplunkTrust
| rex "^[^\.]+\.(?<string>[^\.]+)\."
0 Karma

venkatasri
SplunkTrust

Hi @cindygibbs_08 

Can you try this?

| makeresults 
| eval x="AUJ.UEIEJ.829839.239383" 
| rex field=x "\.(?<field1>.+?)\."

---

An upvote would be appreciated if this reply helps and Accept the solution!

0 Karma

venkatasri
SplunkTrust

@cindygibbs_08 I assumed your field name is x (replace it with your field name), which contains a string value. If the string is part of the _raw event and has not been extracted already, this might not work.

 

0 Karma
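The patterns from the replies compared side by side, as an added example that is not part of the thread. It is written in JavaScript, whose regex engine accepts the same `(?<name>...)` group syntax used with `rex`; the anchored pattern is in the style of the first reply, and the empty-segment string, the raw-event line and its `id=` key are constructed assumptions.

```javascript
// Added example (not from the thread): reply-style patterns run on constructed inputs.
// Anchored: non-dot run from start of field, dot, capture non-dot run, dot.
const ANCHORED = /^[^\.]+\.(?<string>[^\.]+)\./;
// Unanchored (second reply): starts at the first dot found anywhere in the text.
const UNANCHORED = /\.(?<field1>.+?)\./;
// Assumption: in a raw event the value follows a hypothetical "id=" key.
const RAW_KEYED = /\bid=[^\.\s]+\.(?<string>[^\.\s]+)\./;

// Return the named capture group, or null when the pattern does not match.
function extract(pattern, group, text) {
  const m = pattern.exec(text);
  return m ? m.groups[group] : null;
}

// Run all three patterns over one input so the results can be compared.
function compare(text) {
  return {
    anchored: extract(ANCHORED, "string", text),
    unanchored: extract(UNANCHORED, "field1", text),
    rawKeyed: extract(RAW_KEYED, "string", text),
  };
}

const samples = [
  "AUJ.UEIEJ.829839.239383", // from the question
  "033.4788383.27383.8HJJJ", // from the question
  "AUJ..829839.239383",      // constructed: empty second segment
  "2021-10-20 10.0.0.5 id=AUJ.UEIEJ.829839.239383", // constructed raw event
];

for (const s of samples) {
  console.log(JSON.stringify(s), compare(s));
}
```

On the constructed raw event both reply-style patterns capture `0` from the IP address, which is the `_raw` caveat in the last reply; only the pattern keyed on surrounding text returns `UEIEJ`. For the empty second segment the anchored pattern matches nothing, while the unanchored one returns `.829839`.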