Solved: How to extract the file name from a file path usin...

twh1 · ‎12-14-2016

I am getting the file path in my search result. When I am displaying it in dashboard with chart, I need to only extract the file name, not the complete path.

Current output:
/app/wlprd11g/instances/csweb1020/logs/csweb1020_access.log
/app/wlprd11g/instances/csweb1021/logs/csweb1021_access.log
/app/wlprd11g/instances/csweb1022/logs/csweb1022_access.log
/app/wlprd11g/instances/csweb1023/logs/csweb1023_access.log

Desired output:
csweb1020_access.log
csweb1021_access.log
csweb1022_access.log
csweb1023_access.log

twh1 · ‎12-26-2016

I used substr function and got the expected result.

... | eval source=substr(source,40)

View solution in original post

twh1 · ‎12-26-2016

I used substr function and got the expected result.

... | eval source=substr(source,40)

richgalloway · ‎12-15-2016

Try this.

... | rex "(?:\/?.+\/)*(.+?)$" | ...

---
If this reply helps you, Karma would be appreciated.

How to extract the file name from a file path using rex in a search?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...