Splunkers I am new to the community and learning the Art of splunk! I am searching raw data from a syslog server, the data that I am pulling usually looks like this. I post most of the data in case its needed. but most of the data that's security relevant has been replaced by ficticious characters. My focus is the "%ASA-6-106100" within the message log. I want to be able to pull only the six digits in the string "106100" So far I was able to develop a few Regular expression but in the process it pulls all the numbers that are place where the the "-6-" belongs. which takes my data and makes it messy I want to tell splunk to only search data with 6 charactors and that's it. index=syslog sourcetype=syslongisamazing "ASA" | rex field=Event_type_code ^(?<Events_code>\. \d\d\d\d\d\d) | table Event_Code_type This helps but like mentioned is pulls even the middle code withint my data. Thanks for your help community. 2020-10-IST10:04:10.339 192.168.264.264|192.168.162.321| MFRTRSyslog0453 <234>Oct 15 2020 08:04:10 xxxx-xxxx0234: %ASA-6-106100: --> access-list xxxx-xxx-xxxx001_access_in permitted tcp xxx-x-xx-xxxxx 1.1.1.1(3454) hit-cnt 1 hit [oxbc660c9] [ox3a234t435a7f]
... View more