×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Xandervzyl
Engager
Member since: ‎09-16-2021
‎02-24-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 7
Karma Received 0
Member Since ‎09-16-2021
Activity Feed
View All

Is it possible to use modular regular expressions ...

by in Getting Data In
‎10-01-2021 02:22 AM
‎10-01-2021 02:22 AM
I was trying to extract an ip address field. During a search, using |rex "[[ipv4]]" works fine and creates an ip field.  I then wanted to save this field extraction, so I used the field extractor to do so, edited the regular expression to [[ipv4]] and saved it, but it did not work. I tried taking it down a level, editing the saved regular expression to  (?<ip>[[octet]](?:\.[[octet]]){3}) which also works while using the rex command during a search, but did not work saving it in the field extractor. I took it down one final level changing it to (?<ip>(?:2(?:5[0-5]|[0-4][0-9])|[0-1][0-9][0-9]|[0-9][0-9]?)(?:\.(?:2(?:5[0-5]|[0-4][0-9])|[0-1][0-9][0-9]|[0-9][0-9]?)){3}) which doesn't use modular regular expressions, but finally does work in both the search and the saved field extraction. I haven't found anything in the splunk docs that say modular regular expressions can't be used in the field extractor, so I thought it would be best to check here if that was the case, or if there is maybe some other issue I can't think of. ... View more

Do you have any recommendations for freely availab...

by in Getting Data In
‎09-26-2021 03:31 PM
‎09-26-2021 03:31 PM
I know this is a niche and rookie question, but maybe someone out there can provide some guidance. I'm quite new to Splunk. I have practiced inputting data and working with it in Fundamentals 1, but I believe inputting other types of data and working with it will be good in helping me learn. I'm enjoying learning Spunk, but I lack a lot of experience in data analytics. I don't know where to start looking for good practice data. I don't expect many people to have practice data readily available, even so, thank you for hearing me out. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-24-2022 05:34 AM
Karma given to