Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

regex delimiters & config file formatting

Gregory_Lapchen
Engager
‎02-09-2011 09:40 PM

I'm experiencing a subtle issue, which is not very apparent due to lack of delimiters around regular expressions, where the space after the '=' sign is being parsed as part of the regular expression. Considering most config files use spaces around the '=' sign for readability, this becomes confusing.

REGEX = info

This expression would match " info" vs "info". I.e. "abc info" would match, and "abcinfo" would not.

Is this expected behavior?

Tags (1)
Reply

aojie654
Path Finder
‎04-26-2019 01:34 AM

Hi, @Gregory Lapchenko:

I'll use _ in this answer to recognize space.
I feel sorry about that I'm not very clearly to understand your puzzle. From what I understand, are you want to match just _info but not abc_info? If so, maybe the regex expression is \s+info to match _info, or [^\s]*?\sinfo to match abc_info.

0 Karma
Reply

Boopalan
New Member
‎04-26-2019 12:13 AM

Below Regex will work as expected for you:
REGEX=\s+info

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎02-09-2011 11:15 PM

You can either use \s (which would match either a space or a tab) or [ ] (just the space) in a regex to represent a space, and it's usually a good idea to do so if you've got it at the beginning of a regex. I wonder if you might prefer to use \b (word boundary) before the info as well.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...