regex, splunk, splunk-query

I am trying to use a regular expression to extract the Filename field in Splunk. I have attached the same text:


ID=6913&Filename=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf&Download=65536&DownloadSize=79243 HTTP/1.1" 200 3 "-" "Java/1.8.0_192"

I need to extract it, and after extracting I need Thanse04 from it: Filename=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5CDocumentum%5CViewed%5C181019_ERS_321_102_500857.pdf


Solution

  • (?:Filename=)(.*)(\.pdf)(?:&)

    Explanation: (?:) is a matching but not capturing group. Here it matches 'Filename=' but does not capture it. The regex keeps on capturing until it captures .pdf and then makes sure that the next character after that is &, which it also matches but does not capture.
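
An added example, not part of the original answer and written in Python rather than Splunk's rex: it extracts the Filename parameter by stopping at the next `&`, percent-decodes it, and pulls the user name out of the Windows profile path. It also shows how the greedy `.*` in the answer's pattern over-captures when a later parameter ends in `.pdf` too. The function names and the second log line are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Log line from the question.
SAMPLE = ('ID=6913&Filename=C%3A%5CUsers%5CTHanse04%5CAppData%5CRoaming%5C'
          'Documentum%5CViewed%5C181019_ERS_321_102_500857.pdf&Download=65536'
          '&DownloadSize=79243 HTTP/1.1" 200 3 "-" "Java/1.8.0_192"')

# Constructed line: a second parameter whose value also ends in ".pdf".
TWO_PDF = 'ID=1&Filename=a.pdf&Ref=b.pdf&x=1 HTTP/1.1" 200 3 "-" "Java/1.8.0_192"'

# The answer's pattern (with the dot in ".pdf" escaped): greedy .* runs to the LAST ".pdf&".
ANSWER_RE = re.compile(r'(?:Filename=)(.*)(\.pdf)(?:&)')

# Bounded alternative: the value is everything up to the next '&', space or quote,
# and the key must start a parameter (so "OldFilename=" is not matched).
FILENAME_RE = re.compile(r'(?:^|[?&\s])Filename=([^&\s"]+)')

# User name is the path component directly under <drive>:\Users\ .
USER_RE = re.compile(r'^[A-Za-z]:\\Users\\([^\\]+)\\', re.IGNORECASE)


def answer_capture(line):
    """Return what the answer's greedy pattern captures (groups 1 + 2), or None."""
    m = ANSWER_RE.search(line)
    return m.group(1) + m.group(2) if m else None


def extract_filename(line):
    """Return the percent-decoded Filename value, or None if the parameter is absent."""
    m = FILENAME_RE.search(line)
    return unquote(m.group(1)) if m else None


def extract_user(path):
    """Return the profile owner from a decoded Windows path, or None if it has none."""
    m = USER_RE.match(path) if path else None
    return m.group(1) if m else None


if __name__ == "__main__":
    for line in (SAMPLE, TWO_PDF):
        path = extract_filename(line)
        print("bounded :", path, "| user:", extract_user(path))
        print("greedy  :", answer_capture(line))
```

Decoding before matching the user name matters: in the raw event the separators are `%5C`, so a pattern written against backslashes only works on the decoded value.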