Solved: expression to capture all the delimiters and repla...

Splunkerninja · ‎05-15-2024

Hi,

I have to replace all the possible delimiters in the field with space so that I capture each word separately.

Example: 5bb2a5-bb04-460e-a7bc-abb95d07a13_Setgfub.jpg I need to remove the extension as well it could be anything so .csv or .xslx or .do

I need the output as below
5bb2a8d5

bb04

460e

a7bc

bb995d07a13

Setgfub

I came up with expression which works fine but i need this either in regular expression or eval expression as I am using it for data model.

| makeresults 
| eval test="ton-o-mete_r v4.pdf" 
| rex field=test mode=sed "s/\-|\_|\.|\(|\)|\,|\;/ /g"
| eval temp=split('test'," "

richgalloway · ‎05-15-2024

Try this rex command. It extracts the individual fields directly.

| makeresults 
| eval test="ton-o-mete_r v4.pdf" 
| rex field=test max_match=0 "(?<temp>[^\-_\.\(\),;\s]+)"

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎05-15-2024

Try this rex command. It extracts the individual fields directly.

| makeresults 
| eval test="ton-o-mete_r v4.pdf" 
| rex field=test max_match=0 "(?<temp>[^\-_\.\(\),;\s]+)"

---
If this reply helps you, Karma would be appreciated.

expression to capture all the delimiters and replace with space