Solved: Rex to select number from string

abbam · ‎03-07-2018

Hi All,

I am trying to select numbers from a field using Rex, but I cannot seem to figure it out.

Basically the values that i have in the field are:

XX (432)
FH02 (2356)
YR01 (855553)

I want to be able to select the number in the () - this number can be of any length.

How can I do this?

Thanks!

mayurr98 · ‎03-07-2018

You can try something like this

<your base search> | rex field=<fieldname> "\s\((?<number>[^\)]+)"

let me know if this helps!

mayurr98 · ‎03-07-2018

You can try something like this

<your base search> | rex field=<fieldname> "\s\((?<number>[^\)]+)"

let me know if this helps!

mayurr98 · ‎03-07-2018

try this if the field is multivalue

| rex field=<fieldname> max_match=0 "\s\((?<number>[^\)]+)"

abbam · ‎03-07-2018

thank you! worked perfectly!

493669 · ‎03-07-2018

Hi @abbam,
try this:

|rex field=<fieldname> "\((?<number>\d+)"

try this run anywhere search:

|makeresults|eval sample="XX (432)"|rex field=sample "\((?<number>\d+)"

abbam · ‎03-07-2018

Thank you!

How would you do it if the field was multivalue?

Rex to select number from string