Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is my regex for SEDCMD in props.conf not removing repeated dashes when parsing data?

daniel333
Builder
‎02-29-2016 08:50 PM

My developers are adding dashes --- in their logs all over. Sometimes 1.. sometimes 10 dashes. Makes them look really ugly in Splunk. Hoping to remove them using SEDCMD. Any idea why this isn't working? 

SEDCMD-fixdash=s/[-]*/-/g

thanks,
-Daniel

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎02-29-2016 10:34 PM

If they are your developers, make them stop doing that stuff and log JSON instead. 😉

Reply

s2_splunk
Splunk Employee
Splunk Employee
‎02-29-2016 10:19 PM

Try SEDCMD-fixdash=s/-+/-/g
Dash is not a RegEx special character, so no character class needed. '+' means 'one or more'.

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...