I am trying to create a regex that will parse a portion of a

Question

0

Editorial Team

Asked: June 7, 20262026-06-07T06:57:56+00:00 2026-06-07T06:57:56+00:00

I am trying to create a regex that will parse a portion of a

0

I am trying to create a regex that will parse a portion of a sentence within a Windows Log event.

As an example, EventCode=7035 generates the following:

The Network Location Awareness (NLA) service was.....sent a start
The Network Connection service was....sent a stop
The HTTP service was....sent a start
The HTTP service was....sent a stop
etc...

What I would like to parse out is, just the information between “The” and “service” and also the works start or stop.

That way I can build a list of services there were started or stopped.

Thoughts on this?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-07T06:57:59+00:00

Editorial Team

2026-06-07T06:57:59+00:00Added an answer on June 7, 2026 at 6:57 am

I used Splunk Interactive field extractor.

Use following regex in your search as

For Service type

| rex "(?i)^The\s(?P<ServiceType>[^ ]+)\sservice"

For Service Status

| rex "(?i)sent\sa\s(?P<ServiceStatus>[^ ]+)"

Use fields “ServiceType” and “ServiceStaus” for further result and charting.

\s is for space or can use actual space ” “.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am trying to create a regex that will parse a portion of a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply