Solved: Re: Rex command help

mpk_24 · ‎05-19-2025

Hey @Splunkers,

Looking for valuable insights for this use case.

I wanted to extract the numbers at the end of the log (highlighted in bold). Pls help.

Sample log:

74.133.120.000 - LASTHOP:142.136.168.1 - [19/May/2025:23:30:12 +0000] "GET /content/*/residential.existingCustomerProfileLoader.json HTTP/1.1" 200 143 "/cp/activate-apps?cmp=dotcom_sms_selectapps_111324" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36" 384622

liangliang · ‎05-19-2025

you can try this (?P<number>\d+)$
the $ will match the end of this line

View solution in original post

mpk_24 · ‎05-19-2025

@liangliang thank you so much for your respond. This works. Appreciate very much.

liangliang · ‎05-19-2025

you can try this (?P<number>\d+)$
the $ will match the end of this line

Rex command help

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

Join the Conversation