Hey Fellow Splunkers
I'm looking to possibly create a regular expression that can be used to extract a field. The data associated with the field that I'm attempting to extract is a complex string with numerical values including quotes example:
EXAMPLE DATA:
WARNING 344 Errors "THE ERROR IS 1 MORE THAN EXPECTED"
WARNING 210 Errors "THE ERROR IS 5 LESS THAN EXPECTED"
WARNING 122 Errors " SOME ADDITIONAL 1 TEXT"
Ideally I would like to source Warning as a field, everything afterwards should be dynamic.
The Regular Expression I generated:
^(?:[^ \n]* ){8}(?P\s+\d+\d+\d+\s+["-"])
↧