Solved: I need help with a range of numbers in REGEX

babcolee · ‎02-26-2016

I have the following REGEX to pickup the bytes out, ^(?:[^,\n]*,){31}(?P\d+). I need to know the REGEX to filter out a range of numbers as bytes out from 0-1400.

richgalloway · ‎02-26-2016

This regex string will match texts with 0-1400 in field 31. You can use it in transforms.conf to send matches to nullQueue.

"^(?:[^,]*?,){30}(\d{1,3}|1[0-3]\d{2}|1400),"

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎02-26-2016

This regex string will match texts with 0-1400 in field 31. You can use it in transforms.conf to send matches to nullQueue.

"^(?:[^,]*?,){30}(\d{1,3}|1[0-3]\d{2}|1400),"

---
If this reply helps you, Karma would be appreciated.

babcolee · ‎02-26-2016

Thank you for your help!

ppablo · ‎02-26-2016

Hi @babcolee

If the answer by @richgalloway solved your question, don't forget to resolve the post by clicking "Accept" directly under his answer and also upvote him for being helpful 🙂

richgalloway · ‎02-26-2016

Can you share some sample data and your expected results?

---
If this reply helps you, Karma would be appreciated.

babcolee · ‎02-26-2016

2016/02/25 19:14:20,010401000240,TRAFFIC,start,1,2016/02/25 19:14:20,0.1.2.3,4.5.6.7,8.9.10.11,12.13.14.15,Outbound Services,,,dns,vsys1,TRUST,UNTRUST,ethernet1/18.80,ethernet1/17.1000,All Syslog Servers -Includes VZ,2016/02/25 19:14:20,133312,1,63869,53,60901,53,0x400000,udp,allow,96,96,0,1,2016/02/25 19:14:21,0,any,0,13810046794,0x0,255.255.0.0-255.255.255.255,US,0,1,0,n/a

Comma separated log, field 31 is the bytes out number. If the number in field 31 is within the range of 0-1400, filter it out via setnull in the transforms.conf

I need help with a range of numbers in REGEX

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor