Regular expression to match specific word in Splunk
Question
I have this type of log file:
182.236.164.11 - - [04/Mar/2019:18:20:56] "GET /cart.do?action=addtocart&itemId=EST-15&productId=BS-AG-G09&JSESSIONID=SD6SL8FF10ADFF53101 HTTP 1.1" 200 2252 "http://www.buttercupgames.com/oldlink?itemId=EST-15" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 506
I am trying to create a regular expression to only match the word Intel, regardless of the relative position of the string.
I have come up with this regular expression:
^[^;\n]*;\s+
But it doesn't always work as it will match other strings as well.
I want to match the string Intel only so as to create a field in Splunk.
Any inputs are welcome.
1 answers
solution1
0 2019-03-22 11:12:19
This query will do what you say you want, although I don't see the value of it. If you say more about what your end goal is then I might be able to provide a better answer.
index=foo "Intel" | rex "(?<Intel>Intel)"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.