Solved: Remove extension from filepath in field value dyna...

paragvidhi · ‎06-19-2019

I have a field in my Splunk search name filepath which contains the base path of file like below
repository/2650/document/960891_1.pdf
repository/357/document/96_1.wordx

I need to extract below string from my already existing field.
filepath value : repository/2650/document/960891_1.pdf
extract value : repository/2650/document/960891_1

filepath value : repository/357/document/96_1.wordx
extract value : repository/357/document/96_1

in short, I need to remove file extension from field value dynamically

renjith_nair · ‎06-19-2019

@paragvidhi ,

Try

| rex field=filepath "(?<Base>.+)\.[^.]+$"

where filepath is your current field

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎06-19-2019

@paragvidhi ,

Try

| rex field=filepath "(?<Base>.+)\.[^.]+$"

where filepath is your current field

---
What goes around comes around. If it helps, hit it with Karma 🙂

paragvidhi · ‎06-19-2019

@renjith.nair ,
Thanks for your help it's working for me
thanks a lot

Remove extension from filepath in field value dynamically.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation