Splunk Search

Field Extraction help!!

splunker9999
Path Finder

Hi ,

We have sample data like below and need to extract these fields:
"GB*2" with field value as "NC-MEDICAL" and "GI*" as "NC-Medical"

****20150816*1603*34578*X*1879642~ST*270*000000001*1879642~BHT*0022*13*PHX*20150816*1603~LG*120*1~NM1******GB*2*NC-MEDICAL***GI*NC-MEDICAL*****

Can someone please help us with field extraction?

Thanks
Sarath

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

This regular expression will extract those fields.

"GB\*2\*(?<GB2>[^\*]+)\*\*GI\*(?<GI>[^\*]+)"
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

This regular expression will extract those fields.

"GB\*2\*(?<GB2>[^\*]+)\*\*GI\*(?<GI>[^\*]+)"
---
If this reply helps you, Karma would be appreciated.
0 Karma

splunker9999
Path Finder

Thank you , this works.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...