Re: trim a string

vinitpathri · ‎05-12-2020

i have a string
14/04/2020|A3|ABC149251|text i really need

can i run something which will trim this string from the end till it get 1st | (pipe symbol)?

i tried rex for this but some error is coming which i am not able to resolve, so thought of taking it the above way.
regular expression i am trying is

(?^\d{2}\/\d{2}\/\d{2,4}|A\d|\ABC\d*|)(?[\w*\s-]+).
getting below error
Error in 'rex' command: Encountered the following error while compiling the regex '(?^\d{2}\/\d{2}\/\d{2,4}|A\d|\INC\d*|)(?[\w*\s-]+)': Regex: unrecognized character follows .

please either correct my regex or let me know how to trim

vnravikumar · ‎05-12-2020

Hi

You can try this also

| makeresults 
| eval str="14/04/2020|A3|ABC149251|text" 
| rex field=str "(?P<output>[^|]+)$"

to4kawa · ‎05-12-2020

your search
| eval result=mvindex(split(_raw,"|"),-1)

no need rex

vinitpathri · ‎05-12-2020

lovely
it's working
thanks 🙂

to4kawa · ‎05-12-2020

you're welcome and please accept the answer.

vnravikumar · ‎05-12-2020

Hi

What is your expected output?

vinitpathri · ‎05-12-2020

output i am expecting : text i really need

trim a string

Routing logs with Splunk OTel Collector for Kubernetes

New This Month - Observability Updates Give Extended Visibility and Improve User ...

Intro to Splunk Synthetic Monitoring