What is the reverse of an end call?

royimad
Builder

Hello Expert,

I have the following text:
anything followed by anything and ended by an empty line.
What is the regular expression that looks familiar to you?

(space<?Total>.*)

or

(Total<?space>.*)

This is not actually my question, because it depends on the definition below, which started by look followed by familiar, but I really need to determine what character means go till the end of a text, not the end of a line.

Any idea where this belongs? It should be one character, I suppose, and it's C!
So see, C is very difficult for a parsing language like Splunk. I'm just wondering if someone could help me find this character in Splunk, because I already suggested a new one that doesn't work in technology. Maybe end of an all could be + for repeat or something like that; could & be the solution, for example .& ? It's not a star .* . What could be a bottleneck with white color? How about W as of WWW world wide web, for example .W ? I suppose it should be simple, but as long as the wisdom has 2 spaces, on the floor and on the roof, I choose to be on the roof because this is planned. But the thing that isn't planned is your answers to this question.

Any idea what character determines the end of a text body, which is supposed to be followed by a point? .N .T .^ .G .! .@ Any idea what character it is?

Many thanks, and sorry if I'm bothering you with that silly question.

I need a Splunk character with an example if this is possible
sourcetype="imap" | rex field=_raw "(Total<?space>.?)"

1 Solution

alacercogitatus
SplunkTrust

Hark! Me thoughts begin to ponder upon your stated intentions. Hearing only wonders of Regex and Confucianism, I direct my cerebral temperament to a solution. If you wish to capture all information until a line return, try the below supposition!

sourcetype="imap" | rex field=_raw "Total(?<body>[^\r\n]+)"


hopkin78
Engager

Great conference presentation as well.

0 Karma

kristian_kolb
Ultra Champion

For that kind of heavy logs, I think you're going to need bigger artillery. Like this:

http://cdn1.flipacars.com/pics/04/67/krupp-bagger_0e234.jpg

alacercogitatus
SplunkTrust

If I have answered your question, please accept it so others might find it useful. Thanks!

sowings
Splunk Employee

Are you parsing IMAP log data or messages in mbox format?

0 Karma

royimad
Builder

sourcetype="imap" | rex field=_raw "(Total?.*)$"
Does the dollar sign mean the beginning of an empty line or the end of a text?

I need to extract, with one character if possible (or 2, it doesn't matter), a text that contains a Total at the beginning and ends with an empty line.

For example, I have the text with the following:
Return the Total number of seconds contained in the duration. Equivalent to (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6 computed with true division enabled. keep it or leave it,etc

Then this text will end with an empty line where to stop.

0 Karma

royimad
Builder

Star mean, I think they should change the editor of comments. Why is answering more sophisticated than the comment section? I was trying to communicate with you by comment, not by answering my own question, but it seems that I used the answering editor to start the same question with additional content. I need the till beginning of an empty line in a text character.

0 Karma

kristian_kolb
Ultra Champion

I'm sorry, I think you must give an example text and show exactly what words you want to capture.

0 Karma

kristian_kolb
Ultra Champion

rex "some initial text (?<the_rest_of_the_line>.*)$"

Match any characters after your initial text until the end-of-line, and store them in a field called 'the_rest_of_the_line'.

0 Karma
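
The patterns from the two answers above, run side by side on a constructed multi-line event, together with one way to stop at the first empty line instead of the first line return. This is an added example, not code from any poster; it is written in Python, and the sample text, pattern names and `capture` helper are assumptions made for the illustration.

```python
import re

# Constructed sample event (CRLF line endings): a two-line paragraph that
# contains "Total", an empty line, then text that must not be captured.
EVENT = (
    "Return the Total number of seconds contained in the duration.\r\n"
    "keep it or leave it, etc\r\n"
    "\r\n"
    "Next paragraph, not wanted\r\n"
)

# Python's re writes a named group as (?P<name>...) and end of text as \Z;
# PCRE, the dialect rex uses, writes them (?<name>...) and \z.
PATTERNS = {
    # Accepted answer: stop at the first CR or LF after "Total".
    "line_return": r"Total(?P<body>[^\r\n]+)",
    # ".*" up to "$" with no flags: "$" is only the end of the whole text
    # (or just before a final newline), and "." cannot cross "\n", so the
    # match fails whenever more lines follow the "Total" line.
    "dollar": r"Total(?P<body>.*)$",
    # Same with (?m): "$" now also matches at the end of every line.
    # "." still matches "\r", so CRLF data leaves a trailing CR in the field.
    "dollar_multiline": r"(?m)Total(?P<body>.*)$",
    # Until the first empty (or whitespace-only) line, else end of text:
    # (?s) lets "." cross newlines, ".*?" is lazy, the lookahead is the stop.
    "blank_line": r"(?s)Total(?P<body>.*?)(?=\r?\n[ \t]*\r?\n|\Z)",
}


def capture(name, text=EVENT):
    """Return the 'body' group for the named pattern, or None if no match."""
    m = re.search(PATTERNS[name], text)
    return m.group("body") if m else None


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:17} -> {capture(name)!r}")
```
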

royimad
Builder

.* means end of line; the star appeared as a point in my previous comment.

0 Karma

royimad
Builder

* means till the end of the line; what character means till the end of the text and till the beginning of an empty line?

0 Karma

kristian_kolb
Ultra Champion

Do you mean \b as in 'boundary'? Check out:
http://gskinner.com/RegExr/
http://www.regular-expressions.info/

0 Karma

kristian_kolb
Ultra Champion

Yes, that was my first impression as well. Went into edit mode to see if there was anything wrong with the filtering of HTML-specific characters, but no.

Still, the crane is awesome.

royimad
Builder

I'm looking for the end text symbol in regular expression, that's it. Do you have an idea?

0 Karma

rturk
Builder

I seriously have no idea what you're asking. Nice crane though.

Can you give some sample events, and highlight the string you want to match?
