Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Simple rex works on REGEX101 but not in splunk.

codedtech
Path Finder
‎09-19-2019 06:29 AM

Hey so I have a list of of values, that need to be standardized. The values I'm need to transform look like this:
Pool1-dp
Pool2-dp
Pool3_MSDP
Pool4_MSDP
Pool5-dp

I need to trim the values to just have their proper pool names (Pool1). Here is the SPL
MySearch|rex mode=sed field="Field1" s/"(-dp)|(_MSDP)" but, when I run it in my instance I keep getting errors like this one.

Error in 'rex' command: Failed to initialize sed. Failed to parse the regex to replace.

I've spent about 4 hours trying to figure this out and I jut cant seem to do it. I wrote the REX in regex101, and it works there with no problem there. I did a bunch of googling and I tried most of the posts here at splunk answers, any help would be very appreciated.
Disclaimer I do not have access to the server where the instance is hosted, just the instance itself.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-19-2019 06:44 AM

Your rex command may have been mangled by the forum (use backtics to prevent that), but it looks like the sed command is incomplete. There needs to be three delimiters: the first two enclose the expression to find and the second two enclose the replacement expression. Try this: rex mode=sed field="Field1" "s/(-dp)|(_MSDP)//".

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...