Solved: Can you help me with my regex expression?

pench2k19 · ‎02-25-2019

Hi Team,

I'm struggling to get the regex expression for the following values. I want to capture the text before the first _ symbol into one field and after the _symbol value into another field. I need a common expression that works for all.

broadridge_endur_exch_trades_parent
1end_endur_exch_trades_parent
1end_endur_comp_trades_parent
1img_img_gl_000
1img_gl
1gmi_GNACMFF1
1lst_agr_trd
epx_epx_afs_file
fxcal_balance_report

I am using the following expression, but it's not working

rex field=Datafeed_name "^(?\w{3,10})_(?\w+)$"

Can you please help?

@vnravikumar @jakt54

FrankVl · ‎02-25-2019

\w includes _, that is where your attempt fails.

Try this; "^(?<field1>[^_]+)_(?<field2>\w+)$"

https://regex101.com/r/y5JIIB/1

View solution in original post

FrankVl · ‎02-25-2019

\w includes _, that is where your attempt fails.

Try this; "^(?<field1>[^_]+)_(?<field2>\w+)$"

https://regex101.com/r/y5JIIB/1

pench2k19 · ‎02-25-2019

thanks for the quick turn around mate...will check and confirm

Can you help me with my regex expression?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms