Splunk Regex Cheatsheet


This article is meant to be a one-stop reference for the regular expressions you would use in Splunk software, whether for evaluations or for search-related operations. It has been carefully compiled with the necessary functions in mind, so you can use it with confidence. For further reference, consult the official Splunk documentation or the regular expression cheat sheet that Splunk provides.


Splunk regex cheat sheet:

These regular expressions operate on characters alone, and their usage is explained through the examples in the table below. Each entry tries to explain the usage and the points to note when using it.

Character Meaning
* Matches 0, 1 or more occurrences of the previous character in the regular expression.
Example: Splunk* matches “Splunk”, “Splunkkkk” or “Splun”
? Matches 0 or 1 occurrence of the previous character in the regular expression.
Example: Splunk? matches “Splunk”
+ Matches 1 or more occurrences of the previous character in the regular expression.
Example: Splunk+ matches “Splunk” or “Splunkkk” but not “Splun”
\ Escapes any special character used in the regular expression.
Example: Splunk\? matches the string “Splunk?”
. Matches any character; it is always used as a wildcard character.
Example: Splunk.* matches “Splunk”, “Splunkster” or “Splunks”.
( ) The open and closed parentheses match a group of characters.
Example:
(Week)* matches any of the following: “Week1”, “Week2” or “Week3”
[ ] The open and closed square brackets match one character from a set or range of characters (letters, numbers).
Example:
[sp]lain matches “slain”, “plain”
[0-9]+ matches any positive integer in the string to which the regular expression is applied.
[a-z] matches any ASCII letter from a to z, lower case only
[A-Z] matches any ASCII letter from A to Z, upper case only
[^0-9] matches any character that is not a digit from 0 to 9.
| Matches either the previous OR the next character / group.
Example: (Ch|ch)opra matches “Chopra” or “chopra”
{ } Matches the preceding expression only the number of times / occurrences given within the curly braces.
Example:
[0-9]{5} matches “12345” or “54321” but not “12”, “23” or “345”.
[a-z]{1,5} matches “a”, “ab”, “abc”, “abcd” and “abcde” but never more than 5 occurrences, as given in the example.
[A-Z]{1,} matches a string of capitals such as “AXODLFKJERLJ…”, as no upper limit is given in the regular expression
^ Matches the beginning of a string; inside square brackets, it negates the character range.
Example: [^0-9] matches any character that is not a digit from 0 to 9.
$ Matches the end of a string.
Example: ing$ matches "amazing" but not "ingredient"
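The following Python sketch is an added example, not part of the original article: it applies several constructs from the table above to field extraction over constructed sshd log lines, and shows why a literal `.` in an IP address must be escaped. The sample events, pattern names and function names are assumptions, and Python writes named groups as `(?P<name>...)`, where Splunk's rex command uses `(?<name>...)`.

```python
import re

# Constructed sample events for illustration (not from the original article).
EVENTS = [
    "Jan 12 03:14:07 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Jan 12 03:14:09 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51130 ssh2",
    "Jan 12 03:15:40 web01 sshd[2290]: Accepted password for deploy from 198.51.100.23 port 40022 ssh2",
    "Jan 12 03:16:02 web01 sshd[2301]: Failed password for root from 203x0y113z7 port 1 ssh2",
]

# Table constructs in use: ( ) grouping, ? optional, [ ] ranges, {m,n} and +
# quantifiers, \ escape, $ end anchor. Python names groups with (?P<name>...).
FAILED_LOGIN = re.compile(
    r"Failed password for (invalid user )?(?P<user>[a-z_][a-z0-9_-]*) "
    r"from (?P<src>[0-9]{1,3}(\.[0-9]{1,3}){3}) port (?P<port>[0-9]+) ssh2$"
)

# The same address written two ways: an unescaped '.' is a wildcard, so the
# loose pattern also matches the malformed source in the last event.
LOOSE_IP = re.compile(r"from 203.0.113.7 ")
STRICT_IP = re.compile(r"from 203\.0\.113\.7 ")


def extract_failed_logins(events):
    """Return (user, source address, port) for each failed-login event."""
    results = []
    for event in events:
        match = FAILED_LOGIN.search(event)
        if match:
            results.append((match["user"], match["src"], int(match["port"])))
    return results


def count_hits(pattern, events):
    """Count the events in which the compiled pattern matches anywhere."""
    return sum(1 for event in events if pattern.search(event))


if __name__ == "__main__":
    for row in extract_failed_logins(EVENTS):
        print(row)
    print("loose:", count_hits(LOOSE_IP, EVENTS), "strict:", count_hits(STRICT_IP, EVENTS))
```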

This section is dedicated specifically to the character classes, and it may not contain enough examples to show their complete usage.


Character Meaning

[:alpha:] Matches any letter in the range [A-Za-z]
[:upper:] Matches any upper case letter in the range [A-Z]
[:lower:] Matches any lower case letter in the range [a-z]
[:digit:] Matches any number in the range [0-9]
[:alnum:] Matches any number or letter in the range [A-Za-z0-9]
[:xdigit:] Matches any hexadecimal digit in the range [0-9A-Fa-f]
[:space:] Matches a tab, a new line, a vertical tab, or a space
[:blank:] Matches a space or a tab
[:print:] Matches any printable character
[:punct:] Matches any of the punctuation characters listed here: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
[:graph:] Matches any character that is defined as a printable character except for those defined as part of the space character class
[:word:] Matches any continuous string of alphanumeric characters and underscores.
[:ascii:] Matches any of the ASCII characters, in the range 0-127
[:cntrl:] Matches any character that is not part of the character classes mentioned here: [:upper:], [:lower:], [:alpha:], [:digit:], [:punct:], [:graph:], [:print:], [:xdigit:]

This article has been written, with the utmost possible care, as a reference for the regular expressions that can be used within Splunk software. If there are any missing details that you want to look up, please refer to the official Splunk documentation.
