Solved: how to write Regex expression

Paul_tcs · ‎07-05-2013

Hi xperts,

Am new to splunk. I am uploading my data into the splunk. when i see the preview, it shows me all the events in the only line. i have the date 10:22:58 04/16/2013 as seprater. i want to break the line for new event after this type of time stamp. when i go through the kbs and articles, i found the term as regex..kindly help me how to write the regex with examples.

gfuente · ‎07-05-2013

Here you go:

\d{2}:\d{2}:\d{2}\s\d{2}/\d{2}/\d{4}

Regards

View solution in original post

gfuente · ‎07-05-2013

Here you go:

\d{2}:\d{2}:\d{2}\s\d{2}/\d{2}/\d{4}

Regards

Paul_tcs · ‎07-05-2013

really ur maverick...its worked....

Paul_tcs · ‎07-05-2013

can uhelp me how to write this regex..

Paul_tcs · ‎07-05-2013

10:22:58 04/16/2013 alert
alert-type: SNMPTrap
alert-name: Unix_CPU_Composite_Normal
alert-failed: true
alert-message: SiteScope/dbnk04p4/CPU & CPU Load/1/no items checked/10:22 AM 4/16/13
alert-monitor: CPU & CPU Load

10:22:59 04/16/2013 alert
alert-type: SNMPTrap
alert-name: Memory_Normal
alert-failed: true
alert-message: SiteScope/dbnk04p4/Memory/1/2% swap space used, 80280MB swap space free; 97% physical memory used, 882MB physical memory free/10:22 AM 4/16/13
alert-monitor: Memory

gfuente · ‎07-05-2013

Add a sample of data to make easier help you

how to write Regex expression

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation