Can I match multiple patterns with regex in the sa...

sanchitguptaiit · ‎06-21-2016

I have a requirement where I need to search all logs to match a set of patterns and extract some values. Is there something in Splunk to help with same?

For eg: below are various search patterns I would like to find in logs (and there are 100s of these). If there is any match, print the value matching a regex and the pattern that was matched.

Input Patterns:

Error in CUSIP ## *([A-Za-z0-9]{9})* (Wrong model model indicatives not found)
*([A-Za-z0-9]{9})* does not have up shift cashflow, pass
CUSIP ([A-Za-z0-9]{9}) is not in input file
ValueError: Missing cashflow for scenario opt cusip ([A-Za-z0-9]{9})
ssm_id ([A-Za-z0-9]{9}). has error:.. doSetYieldCurve:ERROR: :ERROR: Cannot get rates for intex
,([A-Za-z0-9]{9}),[0-9]+ loans out of [0-9]+ were using group/deal level curves

Output:

Value        |   pattern
123456789    |    ## Error in CUSIP ## 123456789 (Wrong model model indicatives not found)
1AB456789    |    ## Error in CUSIP ## 1AB456789 (Wrong model model indicatives not found)
123456789    |   123456789   does not have up shift cashflow, pass

thanks, Sanchit

woodcock · ‎06-21-2016

See the answer here (it is complicated):

https://answers.splunk.com/answers/386488/regex-in-lookuptable.html#answer-387536

Can I match multiple patterns with regex in the same search to extract fields from logs?

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...