Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
466 results
Sorted by:
01-26-2017
09:19 AM
I am trying to understand more about a regular expression query used in Splunk. what does character P stands for in the regex example?
(?P)
03-22-2011
02:25 PM
4 Karma
Just curious about this. Most of the regular expressions I see splunk use look nothing like standard/posix regular expressions. Its making it a bit annoying for me.
- Tags:
- regex
Show results in replies (4)
-
That link does not work are you referring to "About Splunk Regular Expressions" ?
-
From the Knowledge Manager Manual: "Splunk regular expressions are PCRE (Perl Compatible Regular...
-
...sing Simple XML JS Extension to Splunk Simple XML Dashboards also we would use JavaScript Regular Expressions...
-
PCRE
12-01-2020
04:12 PM
...bsp;
https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/Restmapconf#restmap.conf.example doesn't appear to say anything about "match" being a regular expression.
- Tags:
- handler
- restmap.conf
04-26-2018
01:23 PM
...he Regex (Regular Expressions) code for that is /d/d/d/d however, I am unsure how to implement that into my store search input panel.
<input type="text" token="Store_num"&g...
03-16-2015
03:24 AM
...eadEA|1=Append|1=Write|1=Read|"
This comes as one event in Splunk and anything after |ALLOW is repeated as many times as there are groups defined in the ACL (so unknown number of repeats).
W...
05-29-2023
05:31 AM
I have an input string which contains strings like code =test1 description=test1 description status = pending,code =test2 description=test2 description status = COMPLTED, code ...
Labels
- Labels:
-
field extraction
-
regex
Show results in replies (5)
-
...nformation about status, you could run: index=your_index | stats count BY Code status Ciao. Giuseppe
-
Hi @ABHAYA, if you have all the fields in the same event, you have to divide it using somethi...
-
code =test1 description=test1 description status = pending,code =test2 description=test...
-
| rex max_match=0 "code\s*=\s*(?<code>\S+)" | stats count by code
-
Luckily each test segment is delimited by comma. You can use that to break the raw input into...
04-12-2018
02:55 AM
...ith regular expressions.
I`ve tried this
(?(?=\b-\b)(?P<ProfileStep>[^-"]+)|(?P<ProfileStep>[^"]+))
But splunk says "Regex: two named subpatterns have the same name"
I w...
08-24-2022
02:28 AM
I need to write regular expression to extract few fields in this, but not able to figure this out. Can you please help me on the same.
X-Response-Timestamp: 2022-08-24T07:27:26.150Z x-amzn-R...
- Tags:
- alert
Labels
- Labels:
-
saved search
07-18-2012
01:10 PM
.../"
I am familiar with how to create the alerts from a saved search but this syntax is not returning anything and the Splunk documentation for regular expressions is very vague. What is the c...
08-17-2017
09:31 AM
2 Karma
...AppName=replace(Application_Name, ".+\\", "")
but when i try to do it Splunk tells me "Error in 'eval' command: Regex: \ at end of pattern"
Why is that? and how can i solve it?
Thanks a lot f...
