Noob. Trying to only retrieve the log names (ex. utility.log) after the last slash
Does anyone have any ideas as to why my regex returns the error below? Thanks all!
| rex field=source "\\\([^\\\]+)$"
Error in 'rex' command: Encountered the following error while compiling the regex '([^]+)$': Regex: missing terminating ] for character class.
P.S. The regex I am using above worked on regex 101
Sorry, I should have been more clear. I need to capture everything after the last slash for all 5 logs.
Moreover, I couldn't get what you sent (entering the log name in individually) to work in regex 101 or splunk.
sorry, did you tried with
| rex field=source "\\(?<log_name>\w+\.\w+)$"
As you can see in regex101, it extracts all the requested filenames that are after tha last backslash.
Thanks. it required 3 slashes after the first quote.. and then it worked..thanks again! For some reason the 3rd slash (which I assume you posted) gets cut off when posting to the forum
| rex field=source "\(?\w+.\w+)$"
lol...oh well i guess i cant post the correct code. it keeps getting overwritten during posting . anyway thanks Giuseppe. what you have is correct it just requires 3 slashes after the first quote