Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to remove/replace a portion of the data at search-time for better formatting and presentation?

capilarity
Path Finder
‎03-24-2015 04:32 AM

we have logs that include a host-name which is always appended by the FQDN. The FQDN is always the same and is not needed for a high level dashboard.

This makes the field too long for a cell in a table on a dashboard and messes up the formatting of the table and therefore the page.
I've amended the indexing so all new data includes an additional field of just host-name

Is it possible (at search time) to remove this for data already indexed?

"hostname.domainname.com" to become "hostname"

Thanks

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

capilarity
Path Finder
‎03-24-2015 04:49 AM

answered my own question

what a dufus.

field extraction to create new field

been a long morning...

View solution in original post

0 Karma
Reply
Solved! Jump to solution

vganjare
Builder
‎03-24-2015 04:52 AM

Hi,

You can try editing the field by using eval command. Following is an example:

| eval hostname=replace(hostname,"hostname.domainname.com","hostname")

Thanks!!

0 Karma
Reply
Solved! Jump to solution

capilarity
Path Finder
‎03-24-2015 05:06 AM

Thanks for the comment, but the "hostname" portion of the FQDN is the variable.

Can use regex to extract the host but can you use regex to write the new string?

hostname="replace(hostname,"REGEXvalue.domainname.com,"REGEXvalue)

the example in the docs uses a static value as an output

... | eval n=replace(date, "^(\d{1,2})/(\d{1,2})/", "\2/\1/")

0 Karma
Reply
Solved! Jump to solution
Solution

capilarity
Path Finder
‎03-24-2015 04:49 AM

answered my own question

what a dufus.

field extraction to create new field

been a long morning...

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...