Splunk Search

What regex search could I use to find fields that contain exactly 6 digits?

Piggyy
New Member

I need to search for fields that contain exactly 6 digits.

For example, it should return fields that contain "123456".

I'm currently trying regex_raw="\d{6}" but I think I'm missing something or doing something wrong. Any help would be appreciated!

Tags (2)
0 Karma

johnnyfrx
Path Finder

Something like this might work

(?<!\d)\d{6}(?!\d)

mayurr98
SplunkTrust
SplunkTrust

Try this

<your search query> | rex field=_raw "(?<six>\d{6})" | search six=*

let me know if this helps!

0 Karma

richgalloway
SplunkTrust
SplunkTrust

regex "\d{6}" should work. What results are you getting? Can you share the full query in case the problem lies elsewhere?

---
If this reply helps you, an upvote would be appreciated.
0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!