Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

help with regex

vrmandadi
Builder
‎09-13-2019 09:40 AM

How to capture everything until second period.I have the below sample data.I want to capture the one in bold

YYMPv2-SOI::curators."9.9.42.1.3.2.1.8.2059119261.2164944.1.1" = "0x0aa0a04b"

YYMPv2-SOI::curatorss."9.9.42.1.3.1.1.11.453195837.1804944.1.1.1" = "31"

Thanks in advance

Reply
1 Solution
Solved! Jump to solution
Solution

cpatadobe
Explorer
‎09-13-2019 10:07 AM

Something like this will work with your dataset:

(\d{5,}.\d{5,}.\d+\.\d+)

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jpolvino
Builder
‎09-13-2019 11:47 AM

Here is one way to do it:

(your search)
| rex ".*?(\d+\.){8}(?<captured>((\d+\.){3}\d))"

See https://regex101.com/r/y09W84/1

0 Karma
Reply
Solved! Jump to solution

vrmandadi
Builder
‎09-19-2019 11:02 AM

@jpolvino Thank You.this worked but I can accept only one answer

0 Karma
Reply
Solved! Jump to solution
Solution

cpatadobe
Explorer
‎09-13-2019 10:07 AM

Something like this will work with your dataset:

(\d{5,}.\d{5,}.\d+\.\d+)
0 Karma
Reply
Solved! Jump to solution

vrmandadi
Builder
‎09-19-2019 11:02 AM

Thank you much

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...