Solved: Re: extract a field from csv file

harshal_chakran · ‎02-06-2014

Hi,

I have a CSV file, which after indexing looks like this

"data1","12-13",y,20,1,"31.034483"
"data1","12-13",y,20,1,"31.034483"
"data1","12-13",y,20,2,45
"data1","12-13",y,20,3,"31.372549"
"data1","12-13",y,20,4,20

I have written a rex command to get the last column values in a table, but not able see all the variables, as some of it is in ""(double quotes) and some not as well some has decimal points.
My rex command is:-

sourcetype=xyz|search data1|rex "(?i)^(?:[^,]*,){5}(?P<FIELDNAME>.+)"|table FIELDNAME

I want the table to be without double quotes ,as shown below:-

Please Help...!!!

Ayn · ‎02-06-2014

If you want to match the last field the best approach imho is to anchor your match against the end of the line, not against how many fields are before the last one. This regex should work:

"?([\d.]+)"?$

View solution in original post

Ayn · ‎02-06-2014

If you want to match the last field the best approach imho is to anchor your match against the end of the line, not against how many fields are before the last one. This regex should work:

"?([\d.]+)"?$

harshal_chakran · ‎02-07-2014

Superb..!!!It worked!!
Thanks Ayn...

Ayn · ‎02-07-2014

... | rex "\"?(?<myvalue>[\d.]+)\"?$" | table myvalue

harshal_chakran · ‎02-07-2014

Hi Ayn,
Can you please tell me how to put this regex, as I am new to it. Its very hard for me to understand.

extract a field from csv file

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?

extract a field from csv file

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES