Jul 25, 2023 · Solved: Hi I need help to extract and to filter fields with rex and regex 1) i need to use a rex field on path wich end by ".exe" Example :

Jun 27, 2024 · The search command and regex command by default work on the _raw field. This is normally present in the events in your index. Since your events are coming from a lookup, it is …

Mar 2, 2021 · Hello All, I am not so familiar with regex, but looking at some old query have been able to build one for my need. I am looking for help to understand how this is working in terms of regular …

Feb 6, 2025 · As @ITWhisperer points out, neither substring or regex is the correct tool to extract information from structured data such as JSON. I assume that that so-called "string" is not the entire …

Feb 19, 2025 · The backslash (\) escapes the closing parenthesis ) since it's a special character in regex. \s Matches a single whitespace character (space, tab, or newline). (?<Disconnect>SSLSocket …

Nov 6, 2023 · Splunk - Extracting from search results using regex and aggregates Asked 2 years, 2 months ago Modified 2 years, 2 months ago Viewed 502 times

Dec 16, 2019 · Solved: Hi, How do I write a regex to capture everything after the final \ of a file name and search for within the query? i.e.

Oct 31, 2012 · Hello I am trying to extract some digits from a string and I can't seem to get the regex to work. Here is an example of my strings: ABC-F1KLMNOP7 ABC-F12KLMNOP8 ABC-F2KLMNOP55 …

Jan 20, 2025 · Anyway, when you need to escape a backslash in Splunk in a regex that runs in regex101, you have to add one ot two additional backslashes in Splunk every time you jave a …

Nov 16, 2015 · AFAIK you unfortunately can't do regex style matching in the initial part of the search (ie. the bit before the first "|" pipe). This is probably because of the way that Splunk searches for "tokens" …