Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

regular expression

sphiwee
Contributor
‎10-13-2020 09:25 AM

Can i get a regular expression to show TSK KUBHEKA v2.0.70 from the below extract





2020-10-13 17:24:15 [bp-[xxxxxxxxx]-completeMachineRun-2053693] HitService [INFO] Created typed run Run: id=2053695, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name=AO TSK KUBHEKA v2.0.70 (verificationservice_VerificationFinalization) {size:0, status:READY_TO_PROCESS, rootRun:2c863fbe-7896-4e98-8f7f-7c79f930ab86, data:}

Labels (1)
Labels
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-13-2020 09:50 AM 
| makeresults |eval log="2020-10-13 17:24:15 [bp-[xxxxxxxxx]-completeMachineRun-2053693] HitService [INFO] Created typed run Run: id=2053695, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name=AO TSK KUBHEKA v2.0.70 (verificationservice_VerificationFinalization) {size:0, status:READY_TO_PROCESS, rootRun:2c863fbe-7896-4e98-8f7f-7c79f930ab86, data:}" | rex field=log "name\=\w+\s+(?<name_field>.*)\(" | table name_field

rex-name.jpg

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply

sphiwee
Contributor
‎10-13-2020 10:53 AM

im sorry please include 

(verificationservice_VerificationFinalization)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-13-2020 11:03 AM

Please update that rex last part of the rex -  "\(" replace with "\{". 


EDIT - added  the image and edited the code

| makeresults |eval log="2020-10-13 17:24:15 [bp-[xxxxxxxxx]-completeMachineRun-2053693] HitService [INFO] Created typed run Run: id=2053695, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx name=AO TSK KUBHEKA v2.0.70 (verificationservice_VerificationFinalization) {size:0, status:READY_TO_PROCESS, rootRun:2c863fbe-7896-4e98-8f7f-7c79f930ab86, data:}" | rex field=log "name\=\w+\s+(?<name_field>.*)\{" | table name_field

rex-name-new.jpg

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-13-2020 09:29 AM

Hi @sphiwee,

check if a regex like this can solve your problem:

| regex "name\=\w+\s+(?<my_field>.*)\s+v\d+\.\d+\.\d+"

that you can test at https://regex101.com/r/0eFSVC/1

Ciao.

Giuseppe

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...