Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the usage of "(?msi)" in Splunk with rex comamnd?

admin12345678
Path Finder
‎06-04-2020 01:14 AM

Hi,
I am having some problem to understand the usage of "(?msi)" with rex command,please help me regarding that?

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-04-2020 05:33 AM

Hi @admin12345678,
as you can see in regex101 the meaning of (?msi) is:

(?msi) match the remainder of the pattern with the following effective flags: gmsi
m modifier: multi line. Causes ^ and $ to match the begin/end of each line (not only begin/end of string)
s modifier: single line. Dot matches newline characters
i modifier: insensitive. Case insensitive match (ignores case of [a-zA-Z])

Ciao.
Giuseppe

0 Karma
Reply

admin12345678
Path Finder
‎06-04-2020 07:57 AM

Thanks @gcusello, can you please explain me more about the m modifier?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-04-2020 08:37 AM

Hi @admin12345678,
you have to use the m modifier when you have a multi line log (e.g. wineventlog).

The best approach is to use it in regex101, e.g. with a wineventlog sample.

Ciao.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...