Splunk Search

regex to remove first occuring numeric values with coma

DataOrg
Builder

I want to remove the numeric value and comma which is occurring on the first line beginning

1,Woolworths appoints new chief executive
2,Retailer Woolworths has appointed Roy Bagattini as its new group chief executive officer (CEO), with former chief Ian Moir set to step down on 16 February.
123,Walmart is joining Albertsons and Kroger

Tags (2)
0 Karma
1 Solution

nickhills
Ultra Champion

Hi @premranjithj

Try something like this:

your search...|rex field=_raw "^\d+\,(?P<text>.+)$"

If that original string is already extracted to another field, replace _raw with your fieldname.

Let me know if that works!
https://regex101.com/r/W7Ea2p/1

If my comment helps, please give it a thumbs up!

View solution in original post

vnravikumar
Champion

Hi @premranjithj

Try this

| makeresults 
| eval string="1,Woolworths appoints new chief executive#
2,Retailer Woolworths has appointed Roy Bagattini as its new group chief executive officer (CEO), with former chief Ian Moir set to step down on 16 February.#
123,Walmart is joining Albertsons and Kroger" 
| makemv delim="#" string 
| mvexpand string 
| eval temp=split(string,",") 
| eval result=mvindex(temp,1) |table result

jawaharas
Motivator

Where does the '#' comes from?

0 Karma

vnravikumar
Champion

For creating dummy event I had added # in the text to break

0 Karma

DataOrg
Builder

@vnravikumar thanks it worked

0 Karma

nickhills
Ultra Champion

Hi @premranjithj

Try something like this:

your search...|rex field=_raw "^\d+\,(?P<text>.+)$"

If that original string is already extracted to another field, replace _raw with your fieldname.

Let me know if that works!
https://regex101.com/r/W7Ea2p/1

If my comment helps, please give it a thumbs up!

DataOrg
Builder

@nickhillscpl cool ! worked , thanks

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...