I am use a rex in splunk to extract the decimal amount from a

Question

0

Asked: June 12, 20262026-06-12T05:15:25+00:00 2026-06-12T05:15:25+00:00

I am use a rex in splunk to extract the decimal amount from a

0

I am use a rex in splunk to extract the decimal amount from a field that contains the amount plus the 3-digit currency code. Both values are separated by a space.

Examples:

200.00 INR
2390.11 INR
1.00 INR
1789.00 INR

I am using the rex command inline:

rex field=TxnAmt "(?<TxnAmt>[^\s]\d+.\d+)

Using this command is mostly successful, but where my error comes into play is with the 1.00 INR.

Results:

200.00
2390.11
1.00 INR
1789.00

Any ideas would be helpful. Full Disclaimer: I am not a full programmer, nor do I aspire to be, but I do enjoy writing Regexs on Splunk.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-12T05:15:26+00:00

There are a few problems with your current regex, try changing [^\s]\d+.\d+ to the following:

\d+\.\d+

Your current regex does not escape the ., so the . in your regex will actually match any character. I’m not really sure what you are trying to do with [^\s], since this will match a single non-whitespace character, and it looks like you are only interested in the digits.

Your current regex fails on “1.00 INR” because the 1 is matched by [^\s], and then your regex looks for one or more digits but the next character is a ..

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am use a rex in splunk to extract the decimal amount from a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply