Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is a regular expression that ignores whitespace and text, and captures only numbers of varying lengths?

Lucas_Henry_
New Member
‎08-05-2016 07:56 AM

I'm trying to write a regular expression that will find only the numbers in the string of text below:

MemTotal: 16328352 kB

I don't want the alphabetical or whitespace characters. I just want (in this example) "16328352".

I can't find a specification on a regular expression that will ignore certain data types, however.

0 Karma
Reply

sundareshr
Legend
‎08-05-2016 10:41 AM

You already have 4 options, why not one more 🙂 Try this

MemTotal:\s*(?<mem>\d+)"
0 Karma
Reply

somesoni2
Revered Legend
‎08-05-2016 08:24 AM

Give this a shot

MemTotal\:\s+(?<MemoryTotal>[^\s]+)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎08-05-2016 08:20 AM

edit - tried this and its working good.

sourcetype=rexmemtotal | rex field=_raw "(MemTotal:\s+(?P<rexmemtotal>\d+))" | table rexmemtotal _raw
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎08-05-2016 08:00 AM

Try this

... | rex (?P<MemTotal>(?<=MemTotal\:\s)\d+(?=\s\w{2}))

Reply

Lucas_Henry_
New Member
‎08-05-2016 08:08 AM

What would this look like if I were to plug it into the field extractor tool?

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎08-05-2016 08:10 AM

Like this

(?P<MemTotal>(?<=MemTotal\:\s)\d+(?=\s\w{2}))

0 Karma
Reply

Lucas_Henry_
New Member
‎08-05-2016 08:13 AM

Still nothing, unfortunately.

If it helps, the amount of whitespace and the number of integers will vary between records.

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎08-05-2016 08:31 AM

Ahh yeah the amount of whitespace mattered, but this should work

(?P<MemTotal>MemTotal\:\s+(?<MemoryTotal>[^\s]+))

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-05-2016 08:00 AM

Try "MemTotal: (?<memTotal>\d+)".

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Lucas_Henry_
New Member
‎08-05-2016 08:09 AM

No dice. It didn't extract anything.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-05-2016 08:13 AM

Did you use it in a rex command?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Lucas_Henry_
New Member
‎08-05-2016 08:14 AM

No. I'm trying to use the field extractor because the info is for a non-dev unit

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

&#x1f342; Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...