Solved: extract a field from csv file

harshal_chakran · ‎02-06-2014

Hi,

I have a CSV file, which after indexing looks like this

"data1","12-13",y,20,1,"31.034483"
"data1","12-13",y,20,1,"31.034483"
"data1","12-13",y,20,2,45
"data1","12-13",y,20,3,"31.372549"
"data1","12-13",y,20,4,20

I have written a rex command to get the last column values in a table, but not able see all the variables, as some of it is in ""(double quotes) and some not as well some has decimal points.
My rex command is:-

sourcetype=xyz|search data1|rex "(?i)^(?:[^,]*,){5}(?P<FIELDNAME>.+)"|table FIELDNAME

I want the table to be without double quotes ,as shown below:-

Please Help...!!!

Ayn · ‎02-06-2014

If you want to match the last field the best approach imho is to anchor your match against the end of the line, not against how many fields are before the last one. This regex should work:

"?([\d.]+)"?$

View solution in original post

Ayn · ‎02-06-2014

If you want to match the last field the best approach imho is to anchor your match against the end of the line, not against how many fields are before the last one. This regex should work:

"?([\d.]+)"?$

harshal_chakran · ‎02-07-2014

Superb..!!!It worked!!
Thanks Ayn...

Ayn · ‎02-07-2014

... | rex "\"?(?<myvalue>[\d.]+)\"?$" | table myvalue

harshal_chakran · ‎02-07-2014

Hi Ayn,
Can you please tell me how to put this regex, as I am new to it. Its very hard for me to understand.

extract a field from csv file

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Are you a member of the Splunk Community?

extract a field from csv file

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor