how to read comment line

pragycho · ‎01-22-2021

Hi ,

I have data where i want to read comment line and store value in field.

for example , I have log where first 4 line field is in commented for Version, Date, System, Software

#Version: 1.0
#Date: 2020-04-18 11:10:15
#System: 10.244.32.81 - SCWSA-7HBA-0001.nbnco.local
#Software: ABC for Web 11.8.0-414

My query : i have 4 field in datamodel for ver , date, system, software .now i want to store commented data in this field. so how to write the regex expression for this so-that i can see value in datamodel for this commented line

pragycho · ‎03-04-2021

thanks for replying

alonsocaio · ‎01-22-2021

Hi @pragycho , this could be used as a generic regex for extracting these fields:

\#\w+\:\s(.+)$

If you need a regex for each field, you can try something like this:

\#Version\:\s(?<version>.+)$
\#Date\:\s(?<date>.+)$
\#System\:\s(?<system>.+)$
\#Software\:\s(?<software>.+)$

how to read comment line

field extraction

regex

rex

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk