Solved: Trying to combine two regexes into one

thepocketwade · ‎03-12-2010

I'm trying to throw out search results from a couple of different ip ranges. Currently I'm working with 2, but I might end up with three or more. Anywhoo, regex A looks like "XY.\d{1,3}.\d{1,3}.\d{1,3}" and regex B looks like "XYZ.AB.\d{1,3}.\d{1,3}"

I want one regex to match both. I thought that doing "XY.\d{1,3}.\d{1,3}.\d{1,3}|XYZ.AB.\d{1,3}.\d{1,3}" would do it, but it's not.

I've not had much luck finding help online, maybe you guys can help?

BunnyHop · ‎03-12-2010

Try this:

(XY.\d{1,3}|XYZ.AB).\d{1,3}.\d{1,3}

View solution in original post

gkanapathy · ‎03-12-2010

You may also want to look using into the where command with the cidrmatch() function:

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/CommonEvalFunctions

BunnyHop · ‎03-12-2010

There's also something I noticed if you're performing the search on SplunkWEB, the search tends to become slow when you're searching regex from raw log files, than searching indexed fields.

BunnyHop · ‎03-12-2010

Try this:

(XY.\d{1,3}|XYZ.AB).\d{1,3}.\d{1,3}

thepocketwade · ‎03-12-2010

thanks, that did the trick.

Trying to combine two regexes into one

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?

Trying to combine two regexes into one

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2