- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Extract Area Code From Phone Numbers
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I wonder whether someone may be able to help me please.
I have a list of telephone numbers of varying length, but all with an area code at the beginning e.g. 44 for the UK.
What I'm trying to do is put together a regex which looks to see if the first three characters match 350, if they do then extract those 3 digits into my new field, or if they match 44, the extract those 2 digits into the same field.
This is what I've put together so far:
| rex field=telno "350?(?<area_code>\d{3})|44?(?area_code>\d{2})"
I've clearly gone wrong, because Splunk is returning a "unrecognised character" error.
Could someone possibly look at this please and offer some guidance on where I've gone wrong.
Many thanks and kind regards
Chris
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @IRHM73,
What you're looking for is way easier than what you've built, something like this :
| rex field=telno "(?<area_code>^350|^44)"
This will grab 350 if your number starts with that or 44 if it starts with that. Feel free to add the + sign if you need it. You can use www.regex101.com to validate your regexes it makes everything much easier.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @IRHM73,
What you're looking for is way easier than what you've built, something like this :
| rex field=telno "(?<area_code>^350|^44)"
This will grab 350 if your number starts with that or 44 if it starts with that. Feel free to add the + sign if you need it. You can use www.regex101.com to validate your regexes it makes everything much easier.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @DavidHourani . Thank you for your reply and solution. It works great.
Kind regards
Chris
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please provide some sample data (Please mask any sensitive data) ? I didn't get your question properly, do you want to extract 350 and 44 into same field or do you want to extract number after 350 and 44 ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @harsmarvania57 . Thank you for taking the time to reply.
Your solution worked great.
Thank you and kind regards
Chris
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great, earlier I thought that you want area code as number after 350 and 44 & that's why I deleted my answer earlier.
Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...
IM Landing Page Filter - Now Available
Dynamic Links from Alerts to IM Navigators - New in Observability Cloud
