Solved: Re: Simple regex

clymbouris · ‎11-26-2012

I'm just trying to get the CN name from what looks like the fields below
CN=John Smith,OU=Customer Service,OU=Users,OU=UK,DC=COMPANY,DC=LOCAL
CN=John Jr. Smith,OU=VIPs,OU=UK,DC=COMPANY,DC=LOCAL

I tried this

rex field=Name "CN=(?<Name>*),OU="

but didn't work out cause it kind of matches the last OU= instead of the first..

alacercogitatus · ‎11-26-2012

I think a slightly more accurate regex would be CN=(?<cn>[^,]*), as this will capture any CNs within a CN, and not just OUs. It will also capture any CNs that have an O or U in them.

View solution in original post

alacercogitatus · ‎11-26-2012

I think a slightly more accurate regex would be CN=(?<cn>[^,]*), as this will capture any CNs within a CN, and not just OUs. It will also capture any CNs that have an O or U in them.

sbrant_splunk · ‎11-26-2012

try this one:

CN=(?<Name>[^OU]*),OU

Simple regex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation