Splunk Search

regex question...

a212830
Champion

Hi,

I have an inputs.conf that has the following whitelist:

whitelist = (?i)vpxd-\d{5}\.log

The 5 was originally a 4, which relates to a pid number attached to the log. I found out the hard way, that the pid switched from 4 digits to 5 digits. My question is, how can I setup a regex that will handle any number of digits?

Tags (1)
0 Karma

_d_
Splunk Employee
Splunk Employee

Use the + quantifier:

(?i)vpxd-\d+.log

Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Introducing .conf Stories Series!

“.conf Stories” Series – First Feature: Rich Mahlerwein   Every year .conf brings together some of the most ...