Solved: Not a Splunk Question but a Regex Question

Dark_Ichigo · ‎10-16-2011

So basically Iv got a String: "Hello Splunk Today: 2011-08-11"

I want the Regular Expression to end the String when it Sees a Capital 'T' Or a Digit!

How can I do this, Im new to writing my own Regular expressions, so any help would be Awesome!

Thanks!

LukeMurphey · ‎10-16-2011

If you are new to regex's, then you may want to spend a little time playing with regular expressions before betting too deep in using them in Splunk. I recommend using a site like http://pythonregex.com/ to test them since you can see what it will do with some sample text.

For your particular problem, you can use a character class that matches everything but digits and the capitol "T":

[^T0-9]*

View solution in original post

Drainy · ‎10-18-2011

Thumbed up - it relates to Splunk so it certainly shouldn't get a down-vite

Dark_Ichigo · ‎10-17-2011

Why would someone thumbs me down?

LukeMurphey · ‎10-16-2011

If you are new to regex's, then you may want to spend a little time playing with regular expressions before betting too deep in using them in Splunk. I recommend using a site like http://pythonregex.com/ to test them since you can see what it will do with some sample text.

For your particular problem, you can use a character class that matches everything but digits and the capitol "T":

[^T0-9]*

Ayn · ‎10-18-2011

Another alternative thrown in for good measure: http://regexpal.com/

Drainy · ‎10-18-2011

Another fantastic site is http://gskinner.com/RegExr/ On there you can test regex on the fly with it updating as you type. I practically live there when doing alot of regex work

Dark_Ichigo · ‎10-17-2011

Thanks Luke

Not a Splunk Question but a Regex Question

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms