Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Single line of regex to extract multiple fields

token1
Explorer
‎06-18-2021 10:28 AM

I've seen the TA Unified2 do this, one single line of regex pulling all relevant fields from snort logs.  I'm wanting to do the same thing for some NetApp logs I have:

The regex101 URL is:  https://regex101.com/r/zlhxN9/1/

It has pretty good test data.  The first line is a very typical format.  The second line has a doozy, when an operation is carried out there is a field between the "::" delimitators that is further broken up with "<>" delimitators. 

I'm at a loss here as you can see in the regex101 URL.

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-18-2021 03:59 PM

I am not sure what the question is here. Please can you explain further?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...