Solved: Re: How to split single field value into two diffe...

alex389 · ‎07-15-2018

Hello,

I'm trying to split a single value of a result which is 5231562. I want to be able to split this number into two different values.

i.e

Field0 5231562 becomes -
Field1 = 52
Field2 = 31562

Thank you

woodcock · ‎07-15-2018

Like this:

... | rex field=Field0 "^(?<Field1>\d{2})(?<Field2>\d+)$"

alex389 · ‎07-16-2018

Thank you all

woodcock · ‎07-16-2018

Don't forget to UpVote, too!

woodcock · ‎07-15-2018

Like this:

... | rex field=Field0 "^(?<Field1>\d{2})(?<Field2>\d+)$"

renjith_nair · ‎07-15-2018

Hi @alex389,

If you just want to split , you could use substr. Lets know in case you need any logic for the first two digits

|stats count|fields - count|eval Field0=5231562|eval Field1=substr(Field0,0,2),Field2=substr(Field0,3)

---
What goes around comes around. If it helps, hit it with Karma 🙂

niketn · ‎07-15-2018

@alex389 if you always want field1 to be first two digits you can write the following rex:

<yourCurrentSearch>
| rex field=field0 "^(?<field1>\d{2})(?<field2>.*)"

Following is a run anywhere search based on sample data and details.

| makeresults
| eval field0="5231562"
| rex field=field0 "^(?<field1>\d{2})(?<field2>.*)"

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

How to split single field value into two different values?