rex-07march

Author: inventsekar

regex basics.txt

@@ -0,0 +1,4 @@
+# 07th march 2018 inventsekar
+
+# docs.splunk link
+# http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Regex

rex basics.txt

@@ -0,0 +1,4 @@
+# 07th march 2018 inventsekar
+
+# docs.splunk link
+# http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Rex

rex-vs-regex.txt

@@ -0,0 +1,24 @@
+# 07th march 2018 inventsekar
+# to understand the basic differences between rex and regex
+
+
+
+rex - Description
+Use this command to either extract fields using regular expression named groups, or replace or substitute characters in a field using sed expressions.
+
+The rex command matches the value of the specified field against the unanchored regular expression and extracts the named groups into fields of the corresponding names. If a field is not specified, the regular expression is applied to the _raw field. Note: Running rex against the _raw field might have a performance impact.
+
+When mode=sed, the given sed expression used to replace or substitute characters is applied to the value of the chosen field. If a field is not specified, the sed expression is applied to _raw. This sed-syntax is also used to mask sensitive data at index-time. Read about using sed to anonymize data in the Getting Data In Manual.
+
+Use the rex command for search-time field extraction or string replacement and character substitution.
+
+
+regex - Description
+The regex command removes results that do not match the specified regular expression.
+
+#-------------------------------------------------------
+# Normally you would use "rex".
+# regex is, generally less-required than rex. 
+
+# so, as a beginner, if you are got confusion of which one to use "rex or regex", normally you would required to use "rex".
+#-------------------------------------------------------