- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Extracting numbers between words
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Say I have this data:
c.i.m This is just a sample 23456 Yes it is true.
My question is how do I extract 23456 and pass it to a new field since there is no key-value pair in this scenario? I would also want to do a count on the new field.
Thanks and please I would not mind some explanation on your code too.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ibekacyril,
Well, the straight approach is to get only digits matching in the regex
(?<my_number>\d+)
This will create a field called my_number and you can run a stats count(my_number) on it 😉
Next example is this one:
\w+\s(?<my_number>[^\s]+)\s
That's faster but will match This and you want the numbers ... so on to the next one
(?:\w\s)+(?<my_number>\d+)\s
a non-captureing group of one and unlimited times, as many times as possible, giving back as needed [greedy] but this will be slower because it will need more steps to match the result you want - Hint: www.regex101.com
\w match any word character [a-zA-Z0-9_] \s match any white space character [\r\n\t\f ]
c\.i\.m\sThis\sis\sjust\sa\ssample\s(?<my_number>\d+)\s
almost as fast as the first one, but it take a bit more steps to match
There almost endless possibilities for regex to match, but you want the most efficient one - use regex101.com and learn how to use regex 😉
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ibekacyril,
Well, the straight approach is to get only digits matching in the regex
(?<my_number>\d+)
This will create a field called my_number and you can run a stats count(my_number) on it 😉
Next example is this one:
\w+\s(?<my_number>[^\s]+)\s
That's faster but will match This and you want the numbers ... so on to the next one
(?:\w\s)+(?<my_number>\d+)\s
a non-captureing group of one and unlimited times, as many times as possible, giving back as needed [greedy] but this will be slower because it will need more steps to match the result you want - Hint: www.regex101.com
\w match any word character [a-zA-Z0-9_] \s match any white space character [\r\n\t\f ]
c\.i\.m\sThis\sis\sjust\sa\ssample\s(?<my_number>\d+)\s
almost as fast as the first one, but it take a bit more steps to match
There almost endless possibilities for regex to match, but you want the most efficient one - use regex101.com and learn how to use regex 😉
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much, especially with the regex101.com. The steps you gave equally helped.
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
