×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
immutableT
Engager
Member since: ‎09-15-2023
‎09-18-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-15-2023
View All

How does rex fails to match files (regex expressio...

by in Splunk Search
‎09-15-2023 12:32 PM
‎09-15-2023 12:32 PM
Hello,  There must be something `rex` specific with my query below since it is not extracting the fields, while the regex works as expected when I test on regex101 (see https://regex101.com/r/g0TMS4/1)     eventtype="my_event_type" | rex field=responseElements.assumedRoleUser.arn /arn:aws:sts::(?<accountId>\d{12}):assumed_role\/(?<assumedRoled>.*)\/vault-oidc-(?<userId>\w+)-*./ | fields accountId, assumedRole, userId Sample data that fails to match: arn:aws:sts::984086324016:assumed-role/foo-admin-app/vault-oidc-foo-admin-app-1687793763-Qen4JHeRXYlB8Eoplkjs      Thanks Alex. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-18-2023 12:35 PM
Karma given to
View All