`comment("If cleardata, which is the field representing the true text, is blank, use the hex conversion (hexdata). Can you please post search code and event strings as code (use the 101010 button in the editor), otherwise some parts will get messed up due to how the board handles certain special characters. If the value of cmd is not all hex, there will be no conversion.")`

But it doesn't always work as it will match other strings as well. In the strings above, I would expect my rex to match 1, 12, 2 and 14. I want to be able to extract the 1 or 2 digits, depending on whether there is a single digit or 2, starting at the 6th character (in effect pulling just the 6th, or 6th and 7th). I have come up with this regular expression from the automated regex generator in Splunk: \s+. Here is an example of my strings: ABC-F1KLMNOP7 ABC-F12KLMNOP8 ABC-F2KLMNOP55 ABC-F14KLMNOP66.

I have the code for the rex from hex to text.

I am trying to create a regular expression to only match the word Intel, regardless of the relative position of the string in order to create a field.

This sed-syntax is also used to mask, or anonymize.

Could someone possibly tell me please how I may strip the actual nino number out of this line? I'm trying to extract a nino field from my raw data which is in the following format 'nino\':\'AB123456B\'.

When mode=sed, the given sed expression used to replace or substitute characters is applied to the value of the chosen field.

I'm very new to using Splunk and most certainly to the rex command and regular expressions, so please bear with.

I Googled and searched the Answers forum, but with no luck. Below, in pseudo code, is what I want to accomplish.

Eval newfield if oldfield starts with a double quote, newfield equals oldfield if not, run a rex on oldfield.
The rex command matches the value of the specified field against the unanchored regular expression and extracts the named groups into fields of the corresponding names.