Splunk Search

regular expression to find special character

Motivator

I want to use regular expression which should get special charcter in Splunk
Please help in this

0 Karma
1 Solution

Legend

@logloganathan, based on the sample Data provided can you try the following:

 <yourBaseSearch>
 | rex field=_raw "(?<special_character>[^\w|\s]+)"

Following is the link to regex to test with your sample data: https://regex101.com/r/9K4Ugs/1

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

Legend

@logloganathan, based on the sample Data provided can you try the following:

 <yourBaseSearch>
 | rex field=_raw "(?<special_character>[^\w|\s]+)"

Following is the link to regex to test with your sample data: https://regex101.com/r/9K4Ugs/1

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma

Motivator

thanks for your answer..Could you please post the same in answer box

0 Karma

Legend

@logloganathan, I have converted my comment to answer. Please accept to mark this question as answered 🙂

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Legend

@logloganathan, please add a sample event and provide the details of which field you want to extract. As you might already know that regular expressions are very much pattern based and without sample/mocked up data it would be tough to assist. You should anonymize (so that pattern for regular expression remains the same) any sensitive data before posting the same.

You can always use tools like regex101.com to add sample data and test your own regular expressions.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Motivator

sargünan ramesh where u is not normal
i want to get the word sargünan when it finds letter ü
similarly Tamil şangam where S is not normal but i want the word şangam to be displayed in output

0 Karma

Motivator

any update?

0 Karma

Motivator

Sure let me give the sample..

0 Karma

Super Champion

use backslashes \ before special character in regex.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!