regex delimiters & config file formatting

Gregory_Lapchen · ‎02-09-2011

I'm experiencing a subtle issue, which is not very apparent due to lack of delimiters around regular expressions, where the space after the '=' sign is being parsed as part of the regular expression. Considering most config files use spaces around the '=' sign for readability, this becomes confusing.

REGEX = info

This expression would match " info" vs "info". I.e. "abc info" would match, and "abcinfo" would not.

Is this expected behavior?

aojie654 · ‎04-26-2019

Hi, @Gregory Lapchenko:

I'll use _ in this answer to recognize space.
I feel sorry about that I'm not very clearly to understand your puzzle. From what I understand, are you want to match just _info but not abc_info? If so, maybe the regex expression is \s+info to match _info, or [^\s]*?\sinfo to match abc_info.

Boopalan · ‎04-26-2019

Below Regex will work as expected for you:
REGEX=\s+info

gkanapathy · ‎02-09-2011

You can either use \s (which would match either a space or a tab) or [ ] (just the space) in a regex to represent a space, and it's usually a good idea to do so if you've got it at the beginning of a regex. I wonder if you might prefer to use \b (word boundary) before the info as well.

regex delimiters & config file formatting

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Are you a member of the Splunk Community?

regex delimiters & config file formatting

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25