Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to extract filename from fields?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dhirendra761
Contributor
06-19-2019
12:22 AM
I am trying to extract a filename Nsences_2016_10_10_12_50.csv from below field value.
D:\Program Files\X620\ABC\TGF\Files\sss\Nsences_2016_10_10_12_50.csv Complete, status : 226 Transfer complete."
| rex field=raw_field "D:\\(.+\\)*(?<filename>.*)\.csv Complete, status : 226 Transfer complete.
I am extracting as below.
| makeresults
| eval raw_field="D:\Program Files\X620\ABC\TGF\Files\sss\Nsences_2016_10_10_12_50.csv Complete, status : 226 Transfer complete."
| rex field=raw_field "D:\\(.+\\)*(?<filename>.*)\.csv Complete, status : 226 Transfer complete."
| table raw_field filename
Please help me. Thanks in advance.
Dhirendra
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
06-19-2019
12:50 AM
Hi,
Please try below regex.
<yourBaseSearch>
| rex field=<yourfield> "\x5c(?<filename>[^\x5c]+\.[^\s]+)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vinod94
Contributor
06-19-2019
01:18 AM
| makeresults
| eval date="D:\Program Files\X620\ABC\TGF\Files\sss\Nsences_2016_10_10_12_50.csv Complete, status : 226 Transfer complete."
| rex field=date "\\\Files.*\\\(?P<filename>.+)\s\w+,"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dhirendra761
Contributor
06-19-2019
02:48 AM
Thank you for your answer @vinod94
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
06-19-2019
12:50 AM
Hi,
Please try below regex.
<yourBaseSearch>
| rex field=<yourfield> "\x5c(?<filename>[^\x5c]+\.[^\s]+)"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dhirendra761
Contributor
06-19-2019
02:48 AM
Thanks @harsmarvania57 for your answer 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
06-19-2019
04:41 AM
Welcome 🙂
Get Updates on the Splunk Community!
Enterprise Security Content Update (ESCU) | New Releases
In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
(This is the first of a series of 2 blogs).
Splunk Enterprise Security is a fantastic tool that offers robust ...
Index This | What are the 12 Days of Splunk-mas?
December 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with another ...
