I have my xml data HERE, I need to extract using Splunk IFX, Generated pattern (regex).
Example Xml:
I have this expression that extract from word after until Exit.
(?i) after (?P
As this look for word Exit only, how do I add other situation such as Rd|Entrance ?
I tried (?i) after (?P
After hours of trying, solved by (?i) (?P<dummyone>on) (?P<onexpressway>[^.]+?)\s+(?:\([^)]*?\)\s+)?(?P<dummytwo>at|after|before) (?P<locationaccident>[^.]*?(?P<dummythree>Exit|Flyover|Tunnel|Exit\.|Rd\.|Entrance\.|Ave\.|Avenue\.|North\.|South\.|East\.|West\.|[1-99]\.|BKE\.|SLE\.|CTE\.|ECP\.|KJE\.|TPE\.|PIE\.|AYE\.|Kayu\.|Way\.|Halus\.|Circus\.|Link\.|Highway\.|Tuas\.|Bahagia\.|Merah\.|Limau\.|Park\.|Lay\.|Drive\.|Dr\.|Queensway\.|Village\.|Town\.|Crescent\.|Link\.|Payoh\.|Kechil\.|Central\.))
After hours of trying, solved by (?i) (?P<dummyone>on) (?P<onexpressway>[^.]+?)\s+(?:\([^)]*?\)\s+)?(?P<dummytwo>at|after|before) (?P<locationaccident>[^.]*?(?P<dummythree>Exit|Flyover|Tunnel|Exit\.|Rd\.|Entrance\.|Ave\.|Avenue\.|North\.|South\.|East\.|West\.|[1-99]\.|BKE\.|SLE\.|CTE\.|ECP\.|KJE\.|TPE\.|PIE\.|AYE\.|Kayu\.|Way\.|Halus\.|Circus\.|Link\.|Highway\.|Tuas\.|Bahagia\.|Merah\.|Limau\.|Park\.|Lay\.|Drive\.|Dr\.|Queensway\.|Village\.|Town\.|Crescent\.|Link\.|Payoh\.|Kechil\.|Central\.))
Splunk doesn't like unnamed groups. Hope this will help some people 😃