How to list out all the email addresses in a splunk search which displays the following results.
Storing shipConfirm email for abcabac123@msn.com Storing shipConfirm email for lkgjdlgfk@hotmail.co.uk Storing shipConfirm email for def.t.khv@gmail.co and so on
Try something like this
Your current search giving above output | rex field=YourFieldContainingEmailAddressLine max_match=0 "(?<email>[\w\d\.\-]+\@[\w\d\.]+)"
View solution in original post
I will suggest slightly improved version to cover some rare naming cases
(?<email>[\w\d\.\-\_]+\@[\w\d\.\-\_]+\.[\w\d]+)
Thanks it worked
