|
I am using the Interactive field extractor to try and extract certain fields. However, regular expressions are tricky and testing regular expressions on Splunk is slow. Can anyone recommend a regular expression testing website which will work with Splunk regular expressions? For example, http://regexpal.com/ (Written by Steven Levithan, coauthor of the Regular Expressions Cookbook works with certain regex flavors, but it doesn't always work with the regular expressions generated by the Splunk Interactive Field Extractor. |
|
stefanlasiewski, Someone on one of my Splunk courses (actually he was on both my Splunk courses), pointed me to the following site.. "http://gskinner.com/RegExr/". It allows you test out some regular expressions, with some of your actual data. This is achieved with a simple "copy and paste" of you data into the window provided on the webpage. You can type in your own regex, or you can use the right-hand pane to look through the various "samples" if you are unsure. It definately helped me the most when learning regex. It's hasn't always met my requirements, but it always helps in some way... worth a look. Plus from the looks of things, it provides more assistive features than the tool you mentioned. Hope this helps, MHibbin P.S. If this answers you question please mark it as "Accepted", and/or upvote. Thanks |
|
Splunk uses the PCRE flavor of regular expressions, so anything that is PCRE-compliant should work. http://www.regular-expressions.info is a great site, and points to a variety of regular expression books, software and other resources. Definately a useful site!
(02 Mar '12, 01:08)
MHibbin
|
