Zippy
Reputation: 495
Splunk rex extract field, I am close but just cant get it matching
Value session_value contains this info:
not found, name: [email protected] more text here
Trying to use this:
rex field=session_value ":\s(?<USERID>)@"
To extract: user
I think I am close, anyone assist?
Upvotes: 0
Views: 743
Answers (1)
RichG
Reputation: 9916
You are close, but the most important part is missing. You need to specify what characters match in the capture group. For example,
rex field=session_value ":\s(?<USERID>\w+)@"
Upvotes: 2
Related Questions
- Not able to match the regex
- Extracting multi values with regex ( Only values, Not Fieldname )
- Using Splunk rex to extract String from logs
- How to modify regular expressions so that it extracts same fields of both fields?
- Splunk: How to extract field directly in Search command using regular expressions?
- Splunk - regex extract fields from source
- Using Splunk rex command to extract a field between 2 words
- Splunk: how to extract fields using regular expressions? like rex in splunk search
- Splunk - extract a field with dot/period
- Need to extract and re-format with RegEx