Hello there
What I'm doing is extracting fields from my log file and every entry has about 20 fields separated by commas, some of them empty. Something like this:
FULL,34,32136783,2012-03-07 14:23:43,120,,0,4|0|65|1|02,no_failure,,,,,,,no_text,10%,145432236,15-47658995,-1
(Please note the repeated commas twice, that's not a typing mistake. Those are empty fields)
It happens that I need to edit manually the regex because the automatic recognition doesn't work well, but the windows dialog that opens by clicking 'Edit' doesn't let me write the very long regular expression I need. I can write exactly 200 characters and my regex is at least two times longer. And there you go:
^(?P<FIELDNAME1>[^,]+),(?P<FIELDNAME2>[^,]+),(?P<FIELDNAME3>[^,]+),... and so on 20 times
So, does anyone know how to solve this inconvenience? Another way to tell Splunk to extract those 20 fields? Or perhaps an equivalent, shorter regex?
Thank you whoever helps!
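An added example, not part of the original post: it builds the 20-group pattern from the question in Python (which accepts the same `(?P<name>...)` syntax) and runs it on the sample event to show how `[^,]+` behaves on empty fields compared with `[^,]*` and a plain delimiter split. The trailing `$` anchor and the helper names are assumptions made for this example.

```python
import re

# Sample event copied from the post above: 20 comma-separated fields, 7 of them empty.
SAMPLE = ("FULL,34,32136783,2012-03-07 14:23:43,120,,0,4|0|65|1|02,"
          "no_failure,,,,,,,no_text,10%,145432236,15-47658995,-1")

NUM_FIELDS = 20
# FIELDNAME1..FIELDNAME20 follow the placeholder naming used in the post.
NAMES = [f"FIELDNAME{i}" for i in range(1, NUM_FIELDS + 1)]


def build_pattern(quantifier):
    """Build ^(?P<FIELDNAME1>[^,]Q),(?P<FIELDNAME2>[^,]Q),...$ for quantifier Q."""
    groups = [f"(?P<{name}>[^,]{quantifier})" for name in NAMES]
    # The closing $ is an addition for this example so a line with extra fields is rejected.
    return re.compile("^" + ",".join(groups) + "$")


STRICT = build_pattern("+")   # as written in the post: each field needs >= 1 character
LENIENT = build_pattern("*")  # same pattern, but a field may be empty


def extract(pattern, line):
    """Return {field name: value} if the whole line matches, else None."""
    match = pattern.match(line)
    return match.groupdict() if match else None


def extract_by_split(line):
    """Delimiter-based extraction: no regex, empty fields come out as ''."""
    parts = line.split(",")
    if len(parts) != NUM_FIELDS:
        return None  # malformed event: wrong number of fields
    return dict(zip(NAMES, parts))


if __name__ == "__main__":
    print("pattern length:", len(LENIENT.pattern), "characters")
    print("strict  ([^,]+):", extract(STRICT, SAMPLE))
    fields = extract(LENIENT, SAMPLE)
    print("lenient ([^,]*):", {k: v for k, v in fields.items() if v})
    print("split agrees   :", extract_by_split(SAMPLE) == fields)
```

The split-based function mirrors delimiter-based extraction, which Splunk supports through the `DELIMS` and `FIELDS` settings in transforms.conf.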