Hello. I am currently trying to do something with a list of logs that I have been given.
All of the logs have the same format:
/this/is/.../an_example_relevantInformationHere.2016-08-03.log
What I want to do is to use regex to search through the strings and to find the part that says relevantInformationHere and create a table with that as the header. Right now my rex looks like:
..|rex "an_example_(?\w+)."| table parameterName
It looks like it worked in the regex testers that I used, but I am not receiving the expected output in splunk. What am I doing wrong and is there a difference between the splunk regex and the regex on another site?
Thank you.
... View more