From the course: Practical Splunk: Build Data Intelligence through SPL, Reports, and Dashboards
Using the rex command - Splunk Tutorial
Using the rex command
- Using the rex command. This is one of the most powerful commands I have personally used in Splunk. Using this command, you can create your own fields during search time, and this provides great flexibility, mainly because it is an SPL command. That means you can use it as part of your SPL search pipeline. The wizard method that I showed you in the previous section is useful, and certainly you can try that, but sometimes it is not efficient, mainly because the regular expressions are automatically created by Splunk, and creating regular expressions automatically based on sample data is not always super efficient. So in this section, we will take a look at how to use the rex command. The rex command enables you to use regular expressions to extract fields during search time, which makes it flexible and powerful. The one caveat with the rex command is that you need to have regular expression knowledge. For many of you, learning regular expressions can be tough because they're very cryptic, to be honest with you. However…