Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Regex crash course?

Joffer
Path Finder
‎07-28-2010 10:34 AM

Can anyone recommend a good regex crash course article so I can learn how to write my (simple) whitelists and blacklists for my inputs.conf?

Reply
2 Solutions
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

View solution in original post

Reply
Solved! Jump to solution

jangid
Builder
‎06-06-2012 04:32 AM

This is also good small document to learn

http://api.ning.com/files/k-J0BUJLASFKKlDVrodtWvdSn3lDz02U5nlTTuovnU0Fjn4Gt6JNy0YjAS2sYjhC93bhNT02kD...

0 Karma
Reply
Solved! Jump to solution

Alexandre_Nizou
Explorer
‎11-01-2010 07:03 PM

If you want to test your regular expressions on the spot, use the online http://www.regexpal.com/.

Take your REGEX and copy it in the first box, take the logs you are trying to match and copy them in the second box... et voila!

0 Karma
Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎09-04-2010 10:34 PM

There's not much better on the topic than the O'Reilly book -- http://oreilly.com/catalog/9780596528126/ ... but this is not a "crash course" by any means, it is a full length discussion in great detail.

Given Splunk uses PCRE (Perl Compatible Regular Expressions) I find the "pcrepattern" man page at http://linux.die.net/man/3/pcrepattern to be a useful reference to the advanced features of PCRE.

Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:01 AM

Thanks @dwaddle - i was curious to know, what you answered - Splunk uses PCRE.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎08-12-2010 08:38 AM

For people who like books, I suggest SAM's Teach Yourself Regular Expressions in 10 Minutes (Ben Forta)

It is reviewed on the regular-expressions info site http://www.regular-expressions.info/book10mins.html

0 Karma
Reply
Solved! Jump to solution
Solution

Michael_Wilde
Splunk Employee
Splunk Employee
‎07-28-2010 08:17 PM

You might want to check out my video and some of the tools i use.

SplunkNinja - All My Regex's Live in Texas

Reply
Solved! Jump to solution

Joffer
Path Finder
‎07-29-2010 07:34 AM

Sweet. RegexBuddy will probably help me alot 🙂

0 Karma
Reply
Solved! Jump to solution

saurabh_tek11
Communicator
‎12-05-2017 02:04 AM

@MichaelWilde - kindly update the link, as its not opening now.

0 Karma
Reply
Solved! Jump to solution
Solution

wollinet
Path Finder
‎07-28-2010 11:05 AM

Have a look at:

http://www.regular-expressions.info/

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...