Solved: Can anyone help me split this field into 2?

hok2010 · ‎10-17-2018

Hi!

temp=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe

to...

path=C:\Program Files\SplunkUniversalForwarder\bin
process=splunk-powershell.exe

this is what I reach...

I'm stuck at the regex.

Any other method is also appreciated

| rex field=temp "(?[^\\\/]*)$"    |regex path=!temp    |table FILENAME,PATH

inventsekar · ‎10-17-2018

(pls check this.. very manual rex,..

| makeresults 
| eval temp="C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
| rex field=temp "(?P<path>\w+\W+\w+\W\w+\W\w+\W\w+\W)(?P<fileName>\w+\W\w+\W\w+)"
| table path fileName

PS - if it resolves your task, pls accept this as answer

View solution in original post

inventsekar · ‎10-17-2018

(pls check this.. very manual rex,..

| makeresults 
| eval temp="C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
| rex field=temp "(?P<path>\w+\W+\w+\W\w+\W\w+\W\w+\W)(?P<fileName>\w+\W\w+\W\w+)"
| table path fileName

PS - if it resolves your task, pls accept this as answer

diogofgm · ‎10-17-2018

Try this:

(?<path>.*)\\(?<file>[^\\]*)$

------------
Hope I was able to help you. If so, some karma would be appreciated.

Can anyone help me split this field into 2?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!