InfallibleTechie

Splunk Query to extract all the contents/values/characters from the matching String

Home InfallibleTechie Admin December 23, 2022December 24, 2022

Splunk Query to extract all the contents/values/characters from the matching String

December 23, 2022December 24, 2022 InfallibleTechie Admin

.* can be used in rex to extract all the contents/values/characters from the matching String.

Syntax:

Your__Base_Splunk_Query
| rex field=field_name "Matching_String: (?<Custom_Field_Name>.*)"

Example:

Your__Base_Splunk_Query
| rex field=info "ExtendedMessage: (?<ExceptionMessage>.*)"

As per the above example, if the info field value is “ExtendedMessage: Test 1 Sample 1 ABC – XYZ”, then ExceptionMessage value will be “Test 1 Sample 1 ABC – XYZ”.

InfallibleTechie

Splunk Query to extract all the contents/values/characters from the matching String

Leave a Reply Cancel reply

Categories

Recent Posts

Other Posts

Menus