https://regex101.com/r/PNYxi2/2
Not working in Splunk.
Error in 'rex' command: Encountered the following error while compiling the regex '(?<v1>.+:\.+?\(.+?)\.+)': Regex: unmatched closing parenthesis
@reverse - A backslash seems to be misplaced in your expression. It should be '(?<v1>.+:\.+?\(.+?\).+)':
Try out the following for regex101.com:
(?<drive>\w)\:\\(?<first>[\w]+)\\(?<second>[\w]+)\\(?<third>[\w]+)\\(?<filename>[\d\w\.]+)
Try this out in Splunk:
| rex field=string "(?<drive>\w)\:\\\(?<first>[\w]+)\\\(?<second>[\w]+)\\\(?<third>[\w]+)\\\(?<filename>[\d\w\.]+)"
This will parse the entire path that you listed.
What are you trying to parse?
I want to extract DEF.
Do you want to extract DEF or do you want to extract the name of the second directory, where DEF is located?
Name of the second directory.
| makeresults
| eval string ="c:\ABC\DEF\LOGS\1.LOG"
| rex field=string ".*?\\\\\w+\\\(?<extract_attribute>\w+).+"
| table string extract_attribute