How to write the regex to extract this field?

splunker9999 · ‎07-19-2016

Hi ,

Can someone please suggest the regex for this field extraction?

We need to extract de from below context with field as Name:

csc-3.0.1/r1_de_ *:1012

Thanks

gabriel_vasseur · ‎07-20-2016

It would help if you could provide many examples of the data, so that we can understand what's variable and what's always the same, as that is key to design a good regex.

sundareshr · ‎07-19-2016

Try this

.. | rex "_(?<Name>\w+)_" | ...

*OR*

.. | rex "_(?<Name>\w{2})_" | ...

skoelpin · ‎07-19-2016

Hey @splunker9999 This will work. The way I learned it was by going to regex101.com and pasting the text and writing regex to make it work

(?<=r1\_)de

splunker9999 · ‎07-19-2016

Hi , This doesn't works.

I used below
^[^/\n]*/\w+\d+_(?P[a-z]+)

Thanks

skoelpin · ‎07-19-2016

I forgot to mention that the point of regular expressions is to match patterns so if you had any other text than "r1_de" then it will not pick it up. Instead the regex should look like the one below, where it will pick up on digits and letters rather than hardcoded values

(?<=\w\_)\w{2}

How to write the regex to extract this field?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases