Solved: regular expression to extract lines of text betwee...

satya671 · ‎02-06-2022

suppose i had data like below field="_raw"

afadfadfadf

afadsfagafg

adfafafa

string1 .........

afjal;dkfhao ilhaf

ajkf;haldghag;lakg

akuhfajkdhfalkfha;

auhaghkajdgakg

jkalfagafg

string2.........

afdasdgadfas

**bleep**adgafgafgaf

agfgertfergreg

And i want to extract the data in between string1 and string2

venkatasri · ‎02-06-2022

Hi @satya671

| makeresults 
| eval _raw="afadfadfadf
afadsfagafg

adfafafa

string1 .........

afjal;dkfhao ilhaf

ajkf;haldghag;lakg

akuhfajkdhfalkfha;

auhaghkajdgakg

jkalfagafg

string2.........

afdasdgadfas" 
| rex "string1(?<extracted>(.|\n)*?)string2" 
| table extracted

You could try this.

View solution in original post

venkatasri · ‎02-06-2022

Hi @satya671

| makeresults 
| eval _raw="afadfadfadf
afadsfagafg

adfafafa

string1 .........

afjal;dkfhao ilhaf

ajkf;haldghag;lakg

akuhfajkdhfalkfha;

auhaghkajdgakg

jkalfagafg

string2.........

afdasdgadfas" 
| rex "string1(?<extracted>(.|\n)*?)string2" 
| table extracted

You could try this.

satya671 · ‎02-06-2022

Thanks @venkatasri it's working as expected 🙂

regular expression to extract lines of text between two different texts

regex

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?