Solved: Re: How to create a regex to extract fields betwee...

Deepz2612 · ‎06-18-2019

Hi,help me in writing regex to extract field between two hyhpens.

Eg: S-STRA-32
F-FIDR-67

Thanks!

woodcock · ‎06-18-2019

Add this to your search:

... | rex max_match=0 "(?<=-)(?<betweenHyphens>[^-]+)(?=-)"

This captures multiples, even sequentials like when you do this, which the others do not:

|makeresults | eval _raw="foo-bar-bat-boo"
| rex max_match=0 "(?<=-)(?<betweenHyphens>[^-]+)(?=-)"

View solution in original post

woodcock · ‎06-18-2019

Add this to your search:

... | rex max_match=0 "(?<=-)(?<betweenHyphens>[^-]+)(?=-)"

This captures multiples, even sequentials like when you do this, which the others do not:

|makeresults | eval _raw="foo-bar-bat-boo"
| rex max_match=0 "(?<=-)(?<betweenHyphens>[^-]+)(?=-)"

vnravikumar · ‎06-18-2019

Hi

Try this

| makeresults 
| eval str="F-FIDR-67" 
| eval result = mvindex(split(str,"-"),1)

pranay_adla · ‎06-18-2019

   | rex field=<yourfield> "\-(?P<field_name>\w+)\-"

VatsalJagani · ‎06-18-2019

Hello @Deepz2612,

Please try regex: -(?<your_field>.*)-. You will get value between two hyphen in "your_field" field.

This will work but if you have further information about elements on both side of hyphen you can make regex faster. For example I'm assuming we have only one characters on left side of hyphen and some digits on right side of hyphen we can use regex: [a-zA-Z]-(?<your_field>.*)-\d+.

Hope this helps!!!

harsmarvania57 · ‎06-18-2019

Hi,

Please try below regex, it will extract data in new field called extracted_field

<yourBaseSearch>
| rex field=<yourfield> "^[^\-]+\-(?<extracted_field>[^\-]+)\-"

How to create a regex to extract fields between two hyphens?

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?