field extraction on Chinese characters

cpuppet
Path Finder

There are actually 2 parts in my question:

  1. I want to do a field extraction based on my existing field. I have read some of the questions on the answers and found some possible solutions to my problem, but was still unable to get it working correctly. I tried the n-level transforms.conf and props.conf way using delims, as I think it should be an easy way to separate my field, since the data is not fixed in the number of different sections it might have. Another way may also be using rex, but I also found out that I was not able to point out exactly where I want to extract my category. I have listed both my source and my props.conf/transforms.conf example here.

example.log
date,number,/我愛你/你愛他,last,xx12345
date,number,/我愛你/你愛他/他愛他,last,xx12345
date,number,/我愛你/你愛他/他愛他/他愛我,last,xx12345

props.conf
[example.log]
REPORT-sourcefields = source-fields
REPORT-sourcefield3 = source-field3

transforms.conf
[source-fields]
DELIMS = ","
FIELDS = field1,field2,field3,field4,field5

[source-field3]
SOURCE_KEY = field3
DELIMS = "/"
FIELDS = Category1,Category2,Category3,Category4,Category5,Category6

  2. When using sourcetype="example.log" | rex field=field3 (?^/{1}\w+) in my search command, I found that it will not recognize my Chinese characters when I use \w+, but it works well in my regex tool.

Does anyone have answers to this problem? Maybe my regex isn't correct, but I am really exhausted these days... unable to think straight at the moment.

0 Karma

Kate_Lawrence-G
Contributor

I don't think Splunk would recognize it as a word, but maybe as a non-whitespace character?
^/{1}.\/(?\S+)

Thanks,

Kate

0 Karma
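An added example, not part of the original thread and written in Python rather than SPL: it runs the question's three sample lines through an ASCII-only `\w`, a Unicode-aware `\w`, and a delimiter-based split that does not depend on `\w` at all. Python's `re.ASCII` flag is used here as a stand-in (an assumption) for a regex engine whose `\w` covers only ASCII; the function names are hypothetical.

```python
import re

# Sample lines copied from the question's example.log.
SAMPLE_LINES = [
    "date,number,/我愛你/你愛他,last,xx12345",
    "date,number,/我愛你/你愛他/他愛他,last,xx12345",
    "date,number,/我愛你/你愛他/他愛他/他愛我,last,xx12345",
]

# ASCII-only \w: stand-in (assumption) for an engine without Unicode word classes.
ASCII_WORD = re.compile(r"^/(?P<Category1>\w+)", re.ASCII)
# Unicode-aware \w (the Python 3 default for str patterns).
UNICODE_WORD = re.compile(r"^/(?P<Category1>\w+)")
# Delimiter-based: any run of characters that is not the "/" separator.
SEGMENT = re.compile(r"/([^/]+)")


def field3(line):
    """Return the third comma-delimited field (the category path)."""
    parts = line.split(",")
    if len(parts) != 5:
        raise ValueError(f"expected 5 comma-delimited fields, got {len(parts)}")
    return parts[2]


def first_category(path, pattern):
    """Return the first path segment matched by the pattern, or None."""
    m = pattern.match(path)
    return m.group("Category1") if m else None


def categories(path):
    """Map every path segment to Category1..CategoryN, however many there are."""
    return {f"Category{i}": seg
            for i, seg in enumerate(SEGMENT.findall(path), start=1)}


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        path = field3(line)
        print(first_category(path, ASCII_WORD),
              first_category(path, UNICODE_WORD),
              categories(path))
```

The negated character class `[^/]+` is the portable choice: it behaves the same whether or not the engine treats CJK characters as word characters, and it handles a variable number of segments.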