Re: regex Field Extraction

es2464 · ‎09-27-2012

Hi, I have a data to be extracted. Below is the example data :

Add Content Menu Sections (confluence.menu.add, Version: 1.0, Installed: bundled)
Admin Sections (confluence.sections.admin, Version: 1.0, Installed: bundled)

I would like to get Add Content Meni Sections and Admin Sections as a field called 'Name', and confluence.menu.add and confluence.sections.admin as 'Package' field as well as 'Version' field.

My current regex is | rex "\\w*\\s*\\((?P<package>[^\\(]+),\\sVersion:\\s(?P<version>[^,]+)" and I only get 4 out of 50 of same formatted lines exist, using this regex.
Anyone has any idea? thanks.

kristian_kolb · ‎09-28-2012

This should work..

... | rex "(?<name>[\w\s]+)\s\((?<package>[^,]+),\sVersion:\s(?<version>[^,]+),"

Hope this helps,

Kristian

es2464 · ‎09-28-2012

they both are matching

Ayn · ‎09-27-2012

Which lines are matching and which are not? Also do you use double backspaces just on this site or in your regex as well? They should be single backspaces only.

regex Field Extraction

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

regex Field Extraction

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability