Building for the Splunk Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I create an eval statement to combine similar fields?

dbcase
Motivator
‎09-12-2018 02:13 PM

Hi,

If I have data that looks like this

abc
abc456
xyz
xyz456

How could I create an eval statement that says

if field1=abc or if field1=field1+456 then field1=field1?

Meaning, combine "abc" and "abc456", and combine "xyz" and "xyz456" together.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dbcase
Motivator
‎09-12-2018 03:44 PM

Solved it, used the like function

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dbcase
Motivator
‎09-12-2018 03:44 PM

Solved it, used the like function

0 Karma
Reply
Solved! Jump to solution

dbcase
Motivator
‎09-12-2018 03:12 PM

A bit more info as I think I gave a poor example

abc can be 3 positions or it could be abcdef (more than 3 positions), however, 456 is always consistent

0 Karma
Reply
Get Updates on the Splunk Community!

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...