Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Use regex to retrieve the source string

chrismok
Path Finder
‎10-02-2014 06:10 PM

Hi All,

As I want to retrieve part of the source name and inner join to the other source. I would like to use the regex to get the source. However I am not sure how to write it

Here the source name list

D:\\deploy\\logs\\uat\\20140929101121\\build1.log
//usr//bin//app1//log//dev//20140929100730//build2.log
//usr//bin//app1//log//dev//20140929100728//build1.log

And I would like to get the timestamp in the path.

20140929101121
20140929100730
20140929100728

The regex should be

 (\d+)(?=[\\\/]{2}[^\\\/]*$)

But I don't know how to implement to search query.

Regards,
Chris

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

chrismok
Path Finder
‎10-02-2014 06:53 PM

I found the solution. ..... The regex format is very different from javascript, .net.....

Here's my answer.

sourcetype=XXX| rex field=source "(\d+)(?=[\\\/](?.*)[\\\/]*$)"|table sss source

View solution in original post

Reply
Solved! Jump to solution

meenuvn
Explorer
‎05-16-2016 08:32 AM

Hi,
Need help with something similiar..Not able to generate the correct regex for this.
Source files and the needed extractions are shown below.
1) file.1000.1.log --Should return 1
2) file.1000.1.32.log -- Should return 1
3) file.1000.2.log -- Should return 2
4) file.1000.2.16.log --Should return 2
5) file.1000.2.32.log --Should return 2

0 Karma
Reply
Solved! Jump to solution
Solution

chrismok
Path Finder
‎10-02-2014 06:53 PM

I found the solution. ..... The regex format is very different from javascript, .net.....

Here's my answer.

sourcetype=XXX| rex field=source "(\d+)(?=[\\\/](?.*)[\\\/]*$)"|table sss source
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
Top