Solved: Re: Remove extension from filepath in field value ...

paragvidhi · ‎06-19-2019

I have a field in my Splunk search name filepath which contains the base path of file like below
repository/2650/document/960891_1.pdf
repository/357/document/96_1.wordx

I need to extract below string from my already existing field.
filepath value : repository/2650/document/960891_1.pdf
extract value : repository/2650/document/960891_1

filepath value : repository/357/document/96_1.wordx
extract value : repository/357/document/96_1

in short, I need to remove file extension from field value dynamically

renjith_nair · ‎06-19-2019

@paragvidhi ,

Try

| rex field=filepath "(?<Base>.+)\.[^.]+$"

where filepath is your current field

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎06-19-2019

@paragvidhi ,

Try

| rex field=filepath "(?<Base>.+)\.[^.]+$"

where filepath is your current field

---
What goes around comes around. If it helps, hit it with Karma 🙂

paragvidhi · ‎06-19-2019

@renjith.nair ,
Thanks for your help it's working for me
thanks a lot

Remove extension from filepath in field value dynamically.

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

Remove extension from filepath in field value dynamically.

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits