how to read comment line

pragycho · ‎01-22-2021

Hi ,

I have data where i want to read comment line and store value in field.

for example , I have log where first 4 line field is in commented for Version, Date, System, Software

#Version: 1.0
#Date: 2020-04-18 11:10:15
#System: 10.244.32.81 - SCWSA-7HBA-0001.nbnco.local
#Software: ABC for Web 11.8.0-414

My query : i have 4 field in datamodel for ver , date, system, software .now i want to store commented data in this field. so how to write the regex expression for this so-that i can see value in datamodel for this commented line

pragycho · ‎03-04-2021

thanks for replying

alonsocaio · ‎01-22-2021

Hi @pragycho , this could be used as a generic regex for extracting these fields:

\#\w+\:\s(.+)$

If you need a regex for each field, you can try something like this:

\#Version\:\s(?<version>.+)$
\#Date\:\s(?<date>.+)$
\#System\:\s(?<system>.+)$
\#Software\:\s(?<software>.+)$

how to read comment line

field extraction

regex

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

how to read comment line

field extraction

regex

rex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future