Just curious about this. Most of the regular expressions I see splunk use look nothing like standard/posix regular expressions. Its making it a bit annoying for me.
From the Knowledge Manager Manual:
"Splunk regular expressions are PCRE (Perl Compatible Regular Expressions) and use the PCRE C library."
While it is PCRE for all other places, only for
Refer to documentation: https://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens#Define_token_filtering_and_formatting
Refer to following amazing talk by @cpetterborg for .conf 2017: Beyond Regular Regular Expressions