Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Regex to start with specific characters
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, i would like to get all the requests that start with / and there will be few alpha numeric characters and then ends with .css or .js, etc.
i have tried ^/*.(css|js) but did not work. Any suggestions?
Sample requests
/B387_38.css
/Globalfile.js
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, you probably should not start the regex with a caret (^), unless you want to start your matching from the very beginning of the event. Also, there seems to be some confusion regarding regex wildcard characters.
* = match the preceding character zero or more times
. = match any character (once)
"slash, followed by a few alphanums, followed by dot, followed by either css or js" would look like;
/[A-Za-z0-9]+\.(js|css)
if you also want underscore to match in the filename, you can actually shorten the expression
/\w+\.(js|css)
Note, if you want to use the regex search command, you might need to specify more things, like a field to operate on, or quoting.
http://docs.splunk.com/Documentation/Splunk/5.0.3/SearchReference/Regex
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, you probably should not start the regex with a caret (^), unless you want to start your matching from the very beginning of the event. Also, there seems to be some confusion regarding regex wildcard characters.
* = match the preceding character zero or more times
. = match any character (once)
"slash, followed by a few alphanums, followed by dot, followed by either css or js" would look like;
/[A-Za-z0-9]+\.(js|css)
if you also want underscore to match in the filename, you can actually shorten the expression
/\w+\.(js|css)
Note, if you want to use the regex search command, you might need to specify more things, like a field to operate on, or quoting.
http://docs.splunk.com/Documentation/Splunk/5.0.3/SearchReference/Regex
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yep, if you use a field to operate on, the caret is relative to the field value.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Add the initial caret.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Kristian. the pattern i gave is uri and it always starts with / so that is why i had ^. So if i wanted to start with should i just add ^ at the beginning for the regex expression.
When i use the regex you have given, i am getting
/mobile/m/shared/css/global.css
/js/grainger/addtocartajax.js
which is not the format i am looking for (/B387_38.css or
/Globalfile.js). Do you know what to change?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OOPS. A typo in the regexs. Fixed that now.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
