What is the syntax I need to use to handle multiple regex when working with Props.conf and transforms.conf?
Also what is the syntax for if-else with in a Regex?
Any pointers would help.
Thanks.
Splunk uses PCRE. This is a sort of standard for regular expressions - one of many. There are dozens of resources for regular expressions, and tools to help you write them. One of my favorite reference sites is http://www.regular-expressions.info/
One beginning regular expression book that I recommend is "Sams Teach Yourself Regular Expressions" by Ben Forta. It is short, inexpensive and teaches by example.
There is no "if-then-else" per se in regular expressions. There are conditional matches, which are expressed with ?
, ?=
and ?<=
. I am not sure that this is what you want.
Finally, I am not sure what you mean by "syntax to handle multiple regex".
What are you trying to do? With a more specific description of what you want to do, the community can probably give you a more direct answer than this one...
Splunk uses PCRE. This is a sort of standard for regular expressions - one of many. There are dozens of resources for regular expressions, and tools to help you write them. One of my favorite reference sites is http://www.regular-expressions.info/
One beginning regular expression book that I recommend is "Sams Teach Yourself Regular Expressions" by Ben Forta. It is short, inexpensive and teaches by example.
There is no "if-then-else" per se in regular expressions. There are conditional matches, which are expressed with ?
, ?=
and ?<=
. I am not sure that this is what you want.
Finally, I am not sure what you mean by "syntax to handle multiple regex".
What are you trying to do? With a more specific description of what you want to do, the community can probably give you a more direct answer than this one...
thanks lguinn. this will help.
well, on multiple regex ... i was trying to define two regex in my transforms.conf. i figured that out though.
thanks again.