Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Regular expression in Datamodel attribute

snemiro_514
Path Finder
‎12-11-2014 10:02 AM

Hi splunkers,

I need to create a new attribute in one datamodel. I think I don't understand the syntax or what's going on.

The field tranID contains two letters and a number (FR82734, WR293482) . I need a new field auxTranID containing only the number portion...so this is what I did:

In the search box:

| datamodel DATATEST TRAN search | rex field="TRAN.tranID" (? New FIELD NAME BETWEEN ANGLE BRACKETS \d+)"

Then I have a new field auxTranID with the proper numeric value.

If I go to the add attribute feature in the datamodel definition and I add a rex expression selecting the field tranID and writting "(? New FIELD NAME BETWEEN ANGLE BRACKETS \d+)" in the regex field, I don't see the new field in the object.

What am I doing wrong?

Thanks!

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

snemiro_514
Path Finder
‎12-11-2014 10:43 AM

Wow.

I've removed the quotes and it started working.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

snemiro_514
Path Finder
‎12-11-2014 10:43 AM

Wow.

I've removed the quotes and it started working.

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...