Skip to content
Cruncher

regex

regex

Logs

Extract values from a field using a regular expression and create new fields from captured groups.

| regex [field="<FIELD_NAME>"] `<PATTERN>` 
| regex field="message" `(?<user>\w+) logged in`

The regex command extracts values from a field using a regular expression and creates new fields from the captured groups.

Parameters

Section titled “Parameters”
  • FIELD_NAME: The field to apply the regex to. If not specified, defaults to _raw.
  • PATTERN: The regular expression pattern, using named capture groups.

Usage

Section titled “Usage”
  • Use regex to parse and extract structured data from text fields.
  • Named capture groups become new fields in the output.

Example

Section titled “Example”
| regex field="message" `(?<user>\w+) logged in from (?<ip>\d+\.\d+\.\d+\.\d+)`

This extracts user and ip from the message field.