Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to extract first word from the given format. .

kavyatim
Path Finder
‎05-02-2014 01:30 AM

Hi ,

I have following values:
Thomson SpeedTouch ST510 V6 versao 6.2.15.7 or ST585 v6,

D-LINK DSL-500B Geracao II,

COMTREND-COMTREND CT-5072S ,
I need to extract only first word like:Thomson,D-LINK,COMTREND.Can any one help me in writing regex to this.

Tags (1)
0 Karma
Reply

harshavrath
Contributor
‎05-02-2014 03:10 AM

This might be helpful

http://docs.splunk.com/Documentation/Splunk/6.0.3/Knowledge/ExtractfieldsinteractivelywithIFX

this is the link for Automatic generation of rex

Watch this video

http://www.splunk.com/view/SP-CAAADUY

0 Karma
Reply

MuS
Legend
‎05-02-2014 02:59 AM

Hi kavyatim,

if the needed words are always the first words at the start of a new line, use this:

... | rex "^(?<myField>\w+(\s|-LINK|))" | table myField

This will get you a table of

  • Thomson
  • D-LINK
  • COMTREND

hope this helps ...

cheers, MuS

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎05-02-2014 09:24 AM

It's a bit ugly to have the dash sometimes be part of the word (D-LINK) and sometimes serve as a word separator (COMTREND-COMTREND) - if your list of such exceptions is large then you'll have to build a large regex.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...