I have the below expression and which is a keys and i want to check whether the same keys are matching so help me in building regular expression.
":\"aerfsdn:awfsdsdf:kfgms:us-asa-1:13v6030155555:key/rwefnsdlk8-9bbnf8-fsdiufsdk5-9e55-faljfkld55\"
Tags: splunk-enterprise,regex,sed
@premranjithj, If you want to extract everything between forward slash (/
) and backward slash (\
) which appear after key
, try the following run anywhere search based on sample data provided in the question (as is):
| makeresults
| eval _raw="\":\\\"aerfsdn:awfsdsdf:kfgms:us-asa-1:13v6030114722:key/rwefnsdlk8-9bbnf8-fsdiufsdk8-9e04-faljfkld95\\\""
| rex field=_raw "key\/(?<key>[^\\\]+)\\\\"
PS: back slash characters need to be escaped in Splunk besides escaping in regular expression.
@premranjithj, If you want to extract everything between forward slash (/
) and backward slash (\
) which appear after key
, try the following run anywhere search based on sample data provided in the question (as is):
| makeresults
| eval _raw="\":\\\"aerfsdn:awfsdsdf:kfgms:us-asa-1:13v6030114722:key/rwefnsdlk8-9bbnf8-fsdiufsdk8-9e04-faljfkld95\\\""
| rex field=_raw "key\/(?<key>[^\\\]+)\\\\"
PS: back slash characters need to be escaped in Splunk besides escaping in regular expression.