Solved: how to write the regular expression for my stateme...

lksridhar · ‎02-24-2017

Hi folks,

could you please anyone help me to write the regex for below statement and need extract the external value from below logs.

EXTERNAL:10.23.9.121/587327

adayton20 · ‎02-24-2017

Give this a try:

|rex field=_raw "EXTERNAL\:(?P<EXTERNAL>.[^\s]*)"

Richfez · ‎02-24-2017

Try

... my search here | rex field=_raw "EXTERNAL:(?<EXTERNAL>\d+\.\d+\.\d+\.\d+\/\d+)"

You can see it works in this example at regex101.com.

adayton20 · ‎02-24-2017

Give this a try:

|rex field=_raw "EXTERNAL\:(?P<EXTERNAL>.[^\s]*)"

lksridhar · ‎02-24-2017

thank for the information adayton and i tried with above search and not receiving any value under the External.

zanb · ‎02-24-2017

AFAIK shouldn't have to use a backward slash on colons.

lksridhar · ‎02-27-2017

adayton and zanb , the below command is working fine.

rex field=_raw "EXTERNAL:(?P.[^\s]*)"

adayton20 · ‎02-24-2017

Can you provide a sample of the raw log, please?

how to write the regular expression for my statement?