Solved: How to extract username from my data?

thambisetty_bal · ‎02-02-2017

Hi Splunkers,

I have been struggling to extract user name from below values of user.

user
--------
user1@sa.com
sab\user2
user3

OUTPUT
------------
user1
user2
user3

kindly help me out..

somesoni2 · ‎02-02-2017

Give this a try. (Runanywhere sample search, first line is just to generate sample data).

| gentimes start=-1 | eval user="user1@sa.com sab\user2 user3" | table user | makemv user | mvexpand user 
| rex field=user "(?<cleanedUser>\w+)(\@|$)"

View solution in original post

somesoni2 · ‎02-02-2017

Give this a try. (Runanywhere sample search, first line is just to generate sample data).

| gentimes start=-1 | eval user="user1@sa.com sab\user2 user3" | table user | makemv user | mvexpand user 
| rex field=user "(?<cleanedUser>\w+)(\@|$)"

thambisetty_bal · ‎02-02-2017

you are amazing @somesoni2

please explain regex Sir.

somesoni2 · ‎02-02-2017

It's capturing a full work (\w+) till you encounter a @ symbol or end of value ($). backward slash is word terminator so it works for 2nd example value as well.

How to extract username from my data?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

How to extract username from my data?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I