Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

regex to match everything between the 25th and 130th characters in a line

mritenburg
New Member
‎12-20-2012 08:52 AM

Hello,

I am trying to craft a regex to match everything between the 25th and 130th character in a line. I am having no success. Someone suggested ^.{25} (?P<FIELDNAME>.{130} but that doesn't work at all. Does anyone know how to create this regex?

Thank you!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎12-20-2012 09:34 AM

The regex you provided will first match characaters 1-25. The capturing group (while incomplete) would then catch the next 130 characters, not upto the 130th character.

Try this: ^.{25}(?P<fieldname>.{1,105}). This should grab everything from 25-130, and will also grab anything that may be less than 130.

View solution in original post

Reply
Solved! Jump to solution

rtadams89
Contributor
‎12-20-2012 10:09 AM

Depending on what you are trying to accomplish, you may be better off using the eval substr() function. For example:

... | eval newField=substr(field, 26, 104)

Otherwise, you can use this regex to extract the same thing:

^.{25}(?P<newField>.{0,105})
0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎12-20-2012 09:34 AM

The regex you provided will first match characaters 1-25. The capturing group (while incomplete) would then catch the next 130 characters, not upto the 130th character.

Try this: ^.{25}(?P<fieldname>.{1,105}). This should grab everything from 25-130, and will also grab anything that may be less than 130.

Reply
Solved! Jump to solution

mritenburg
New Member
‎12-20-2012 10:11 AM

This works perfectly ^.{25}(?P.{1,105}).

Thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...