I have a line containing
[India,sn_GB] Welcome : { Name:{Customer1},Place:{Mumbai},}
I want to print the entire line after sn_GB] in splunk, which is
Welcome : { Name:{Customer1},Place:{Mumbai},}
I used the below regular expression:
(?<=sn_).*?$
But it prints, along with GB] like GB] Welcome : { Name:{Customer1},Place:{Mumbai},}.
In the word sn_GB, sn_ is constant and the rest two letter will vary, like GB, LB, KB, TB as such.
Please help me in correcting the regular expression.
Thanks
This will give the correct result in case sn_GB is constant.
(?<=sn_GB).*?$
If GB is not constant you can go for:
(?<=sn_...).*?$