- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- regular expression to find special character
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to use regular expression which should get special charcter in Splunk
Please help in this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@logloganathan, based on the sample Data provided can you try the following:
<yourBaseSearch>
| rex field=_raw "(?<special_character>[^\w|\s]+)"
Following is the link to regex to test with your sample data: https://regex101.com/r/9K4Ugs/1
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@logloganathan, based on the sample Data provided can you try the following:
<yourBaseSearch>
| rex field=_raw "(?<special_character>[^\w|\s]+)"
Following is the link to regex to test with your sample data: https://regex101.com/r/9K4Ugs/1
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for your answer..Could you please post the same in answer box
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@logloganathan, I have converted my comment to answer. Please accept to mark this question as answered 🙂
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@logloganathan, please add a sample event and provide the details of which field you want to extract. As you might already know that regular expressions are very much pattern based and without sample/mocked up data it would be tough to assist. You should anonymize (so that pattern for regular expression remains the same) any sensitive data before posting the same.
You can always use tools like regex101.com to add sample data and test your own regular expressions.
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sargünan ramesh where u is not normal
i want to get the word sargünan when it finds letter ü
similarly Tamil şangam where S is not normal but i want the word şangam to be displayed in output
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
any update?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sure let me give the sample..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
use backslashes \ before special character in regex.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
