Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Simple rex works on REGEX101 but not in splunk.

codedtech
Path Finder
‎09-19-2019 06:29 AM

Hey so I have a list of of values, that need to be standardized. The values I'm need to transform look like this:
Pool1-dp
Pool2-dp
Pool3_MSDP
Pool4_MSDP
Pool5-dp

I need to trim the values to just have their proper pool names (Pool1). Here is the SPL
MySearch|rex mode=sed field="Field1" s/"(-dp)|(_MSDP)" but, when I run it in my instance I keep getting errors like this one.

Error in 'rex' command: Failed to initialize sed. Failed to parse the regex to replace.

I've spent about 4 hours trying to figure this out and I jut cant seem to do it. I wrote the REX in regex101, and it works there with no problem there. I did a bunch of googling and I tried most of the posts here at splunk answers, any help would be very appreciated.
Disclaimer I do not have access to the server where the instance is hosted, just the instance itself.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-19-2019 06:44 AM

Your rex command may have been mangled by the forum (use backtics to prevent that), but it looks like the sed command is incomplete. There needs to be three delimiters: the first two enclose the expression to find and the second two enclose the replacement expression. Try this: rex mode=sed field="Field1" "s/(-dp)|(_MSDP)//".

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top