https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628497#M218309 <P>Please share some sample events in a code block &lt;/&gt; since normal pasting can alter the (white-space) formatting.</P> Thu, 26 Jan 2023 15:18:34 GMT ITWhisperer 2023-01-26T15:18:34Z https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628486#M218302 <P>I'm doing a search for server names and will eventually extract to to a csv. However, each result comes out as one of the following</P> <UL> <LI><BR /><EM>servername.domain: servername.domain</EM><BR /><EM>servername: servername.domain</EM><BR /><EM>servername: servername</EM></LI> </UL> <P>How can I change the results in that particular field to be just&nbsp;<EM>servername</EM>? I feel like this is where regular expressions may come in to play.&nbsp;</P> Thu, 26 Jan 2023 19:24:08 GMT https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628486#M218302 atebysandwich 2023-01-26T19:24:08Z https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628487#M218303 <P>Try something like this</P><LI-CODE lang="markup">| rex field=particular "\w+:(?&lt;servername&gt;\w+)\.)"</LI-CODE> Thu, 26 Jan 2023 14:36:26 GMT https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628487#M218303 ITWhisperer 2023-01-26T14:36:26Z https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628488#M218304 <P>Unfortunately that didn't work. The field results still come out the same. But I noticed they come out in a few different ways:<BR /><BR />servername.domain: servername.domain<BR />servername: servername.domain<BR />servername: servername</P><P>&nbsp;</P> Thu, 26 Jan 2023 14:43:09 GMT https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628488#M218304 atebysandwich 2023-01-26T14:43:09Z https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628497#M218309 <P>Please share some sample events in a code block &lt;/&gt; since normal pasting can alter the (white-space) formatting.</P> Thu, 26 Jan 2023 15:18:34 GMT https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628497#M218309 ITWhisperer 2023-01-26T15:18:34Z https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628673#M218387 <P>I was able to figure out the issue without regex - I was looking at the wrong field. Thank you for the help,&nbsp;</P> Fri, 27 Jan 2023 19:33:41 GMT https://community.splunk.com/t5/Splunk-Search/How-to-change-each-instance-of-a-field-search-result/m-p/628673#M218387 atebysandwich 2023-01-27T19:33:41Z