Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

regex Field Extraction

es2464
New Member
‎09-27-2012 11:46 PM

Hi, I have a data to be extracted. Below is the example data :

Add Content Menu Sections (confluence.menu.add, Version: 1.0, Installed: bundled)
Admin Sections (confluence.sections.admin, Version: 1.0, Installed: bundled)

I would like to get Add Content Meni Sections and Admin Sections as a field called 'Name', and confluence.menu.add and confluence.sections.admin as 'Package' field as well as 'Version' field.

My current regex is | rex "\\w*\\s*\\((?P<package>[^\\(]+),\\sVersion:\\s(?P<version>[^,]+)" and I only get 4 out of 50 of same formatted lines exist, using this regex.
Anyone has any idea? thanks.

0 Karma
Reply

kristian_kolb
Ultra Champion
‎09-28-2012 12:39 AM

This should work..

... | rex "(?<name>[\w\s]+)\s\((?<package>[^,]+),\sVersion:\s(?<version>[^,]+),"

Hope this helps,

Kristian

0 Karma
Reply

es2464
New Member
‎09-28-2012 12:03 AM

they both are matching

0 Karma
Reply

Ayn
Legend
‎09-27-2012 11:57 PM

Which lines are matching and which are not? Also do you use double backspaces just on this site or in your regex as well? They should be single backspaces only.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...