Solved: Search to check whether keys are matching

DataOrg · ‎09-13-2017

I have the below expression and which is a keys and i want to check whether the same keys are matching so help me in building regular expression.

":\"aerfsdn:awfsdsdf:kfgms:us-asa-1:13v6030155555:key/rwefnsdlk8-9bbnf8-fsdiufsdk5-9e55-faljfkld55\"
Tags: splunk-enterprise,regex,sed

niketn · ‎09-13-2017

@premranjithj, If you want to extract everything between forward slash (/) and backward slash (\) which appear after key, try the following run anywhere search based on sample data provided in the question (as is):

| makeresults
| eval _raw="\":\\\"aerfsdn:awfsdsdf:kfgms:us-asa-1:13v6030114722:key/rwefnsdlk8-9bbnf8-fsdiufsdk8-9e04-faljfkld95\\\""
| rex field=_raw "key\/(?<key>[^\\\]+)\\\\"

PS: back slash characters need to be escaped in Splunk besides escaping in regular expression.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn · ‎09-13-2017

@premranjithj, If you want to extract everything between forward slash (/) and backward slash (\) which appear after key, try the following run anywhere search based on sample data provided in the question (as is):

| makeresults
| eval _raw="\":\\\"aerfsdn:awfsdsdf:kfgms:us-asa-1:13v6030114722:key/rwefnsdlk8-9bbnf8-fsdiufsdk8-9e04-faljfkld95\\\""
| rex field=_raw "key\/(?<key>[^\\\]+)\\\\"

PS: back slash characters need to be escaped in Splunk besides escaping in regular expression.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Search to check whether keys are matching

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!