how to read comment line

pragycho · ‎01-22-2021

Hi ,

I have data where i want to read comment line and store value in field.

for example , I have log where first 4 line field is in commented for Version, Date, System, Software

#Version: 1.0
#Date: 2020-04-18 11:10:15
#System: 10.244.32.81 - SCWSA-7HBA-0001.nbnco.local
#Software: ABC for Web 11.8.0-414

My query : i have 4 field in datamodel for ver , date, system, software .now i want to store commented data in this field. so how to write the regex expression for this so-that i can see value in datamodel for this commented line

pragycho · ‎03-04-2021

thanks for replying

alonsocaio · ‎01-22-2021

Hi @pragycho , this could be used as a generic regex for extracting these fields:

\#\w+\:\s(.+)$

If you need a regex for each field, you can try something like this:

\#Version\:\s(?<version>.+)$
\#Date\:\s(?<date>.+)$
\#System\:\s(?<system>.+)$
\#Software\:\s(?<software>.+)$

how to read comment line

field extraction

regex

rex

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?