Solved: Re: Remove extension from filepath in field value ...

paragvidhi · ‎06-19-2019

I have a field in my Splunk search name filepath which contains the base path of file like below
repository/2650/document/960891_1.pdf
repository/357/document/96_1.wordx

I need to extract below string from my already existing field.
filepath value : repository/2650/document/960891_1.pdf
extract value : repository/2650/document/960891_1

filepath value : repository/357/document/96_1.wordx
extract value : repository/357/document/96_1

in short, I need to remove file extension from field value dynamically

renjith_nair · ‎06-19-2019

@paragvidhi ,

Try

| rex field=filepath "(?<Base>.+)\.[^.]+$"

where filepath is your current field

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎06-19-2019

@paragvidhi ,

Try

| rex field=filepath "(?<Base>.+)\.[^.]+$"

where filepath is your current field

---
What goes around comes around. If it helps, hit it with Karma 🙂

paragvidhi · ‎06-19-2019

@renjith.nair ,
Thanks for your help it's working for me
thanks a lot

Remove extension from filepath in field value dynamically.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation