I'm performing a search using advanced xml that returns a key/value pair (among other things).
I use the Filename key to perform a few searches, e.g. $Filename$ in a child module. Following that I need to slightly change the name and continue a new search. The name requires the addition of a few numbers and a change of the extension.
So I've been trying to work out the best/easiest way to change the name. I've attempted some regex ("rex" and "rex mode=sed") and am failing dismally, purely due to my inability to grasp the regex syntax I think). I also had a brief look at eval replace option, but struggled to understand its operation (as shown here : http://splunk-base.splunk.com/answers/6424/replace-parts-of-a-string).
If anyone can help with this it would be much appreciated. Also if someone does provide a regex answer, could you please explain how it does what it does, or point me to a page so I can reverse engineer the regex syntax to understand how it does what it does?
Thank you in advance..
... View more