Can anyone provide me a simple example for using R...

zcwang · ‎08-26-2015

Could anyone provide me a simple example for using REGEX with DELIMS? The event in my scenario is full of delimiter-separated field/value pairs, so I used two sets of quoted delimiters. However, the first set of delimiters might be either "," or " ". So I wonder if I could use an OR for the first delimiter. Thanks!

Richfez · ‎11-19-2015

zcwang,

An example of the item in question would make this easier, but I'll try:

Any of the delimiter characters you specify will be considered a delimiter. The docs for transforms.conf provides an example of this

[multiple_delims]
DELIMS = "|;", "=:"

Which they describe as The above example extracts key-value pairs which are separated by '|' or ';', while the key is delimited from value by '=' or ':'.

So that would use either | or ; for the field separators and either one of = or : as the field=value separator. This would match log lines like

|field1=val1;field2=val2|field3:val3;field4=val4;

and pull out of them

field1=val1
field2=val2
field3=val3
field4=val4

MuS · ‎08-26-2015

providing some sample events will be useful in this case.....

Can anyone provide me a simple example for using REGEX with DELIMS?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!