Solved: how to write Regex expression

Paul_tcs · ‎07-05-2013

Hi xperts,

Am new to splunk. I am uploading my data into the splunk. when i see the preview, it shows me all the events in the only line. i have the date 10:22:58 04/16/2013 as seprater. i want to break the line for new event after this type of time stamp. when i go through the kbs and articles, i found the term as regex..kindly help me how to write the regex with examples.

gfuente · ‎07-05-2013

Here you go:

\d{2}:\d{2}:\d{2}\s\d{2}/\d{2}/\d{4}

Regards

View solution in original post

gfuente · ‎07-05-2013

Here you go:

\d{2}:\d{2}:\d{2}\s\d{2}/\d{2}/\d{4}

Regards

Paul_tcs · ‎07-05-2013

really ur maverick...its worked....

Paul_tcs · ‎07-05-2013

can uhelp me how to write this regex..

Paul_tcs · ‎07-05-2013

10:22:58 04/16/2013 alert
alert-type: SNMPTrap
alert-name: Unix_CPU_Composite_Normal
alert-failed: true
alert-message: SiteScope/dbnk04p4/CPU & CPU Load/1/no items checked/10:22 AM 4/16/13
alert-monitor: CPU & CPU Load

10:22:59 04/16/2013 alert
alert-type: SNMPTrap
alert-name: Memory_Normal
alert-failed: true
alert-message: SiteScope/dbnk04p4/Memory/1/2% swap space used, 80280MB swap space free; 97% physical memory used, 882MB physical memory free/10:22 AM 4/16/13
alert-monitor: Memory

gfuente · ‎07-05-2013

Add a sample of data to make easier help you

how to write Regex expression

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)