Solved: Separting the string in splunk

mayank101 · ‎07-16-2019

I have various search string under the field name entity:

            Entity

1 GBP:BOOT2NDSUNQTR_MAINT4_lonlx11067
2 GBP:BOOT2NDSUNMONTH_MAINT3_redlxd00130
3 AMP:BOOT2NDSATMONTH_MAINT4_psclxd00034
4 AMP:BOOTALLSUNMONTH_MAINT1_SecProd_DEV_totlxfidevsp126
.
.
.
and so on

I want host name to be extracted such as lonlx11067,totlxfidevsp126 and do on. Could you help me in writing the query for the same I am particularly new to this

nick405060 · ‎07-16-2019

Write your extraction rex.

... | rex field=Entity "_(?<host>[^_]+?)$" | table Entity host

View solution in original post

nick405060 · ‎07-16-2019

Write your extraction rex.

... | rex field=Entity "_(?<host>[^_]+?)$" | table Entity host

mayank101 · ‎07-16-2019

I did not understood what you said.What is extraction rex

nick405060 · ‎07-16-2019

https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/Rex

Separting the string in splunk

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

Separting the string in splunk

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...