Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you rename strings within mv-fields

lmacneil76
Explorer
‎06-05-2014 12:09 PM

Id like to rename every instance of "dragDrop" to "stackDragDrop" from a multi-value field.

The search below just renames one instance. Any ideas on how to do this?

source="C:\\var\\regression_items\\*.xml" 
| rex "title=\"(?P<id>\d+)\"" 
| rex max_match=0 "(class=\"stack\").+(data-type=\")(?P<STACK>\w+)(\")"
| eval TEST=mvfilter(STACK = "dragDrop")
| eval selectionElements=case(TEST="dragDrop", "stackDragDrop") 
| table id selectionElements TEST
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-05-2014 12:24 PM

Try this

source="C:\\var\\regression_items\\*.xml" 
| rex "title=\"(?P<id>\d+)\"" 
| rex max_match=0 "(class=\"stack\").+(data-type=\")(?P<STACK>\w+)(\")"
| eval TEST=mvfilter(STACK="dragDrop") |eval selectionElements=TEST | replace dragDrop with stackDragDrop in selectionElements
| table id selectionElements TEST

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-05-2014 12:24 PM

Try this

source="C:\\var\\regression_items\\*.xml" 
| rex "title=\"(?P<id>\d+)\"" 
| rex max_match=0 "(class=\"stack\").+(data-type=\")(?P<STACK>\w+)(\")"
| eval TEST=mvfilter(STACK="dragDrop") |eval selectionElements=TEST | replace dragDrop with stackDragDrop in selectionElements
| table id selectionElements TEST
Reply
Solved! Jump to solution

lmacneil76
Explorer
‎06-05-2014 06:51 PM

Perfect! I was missing replace. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...