Solved: Re: SEDCMD tab insert

wsweat · ‎08-24-2012

Hello,

Using the SEDCMD (props.conf), I want to replace a char string '#11' with a tab. However, when I use:

SEDCMD-fix_tab = s/#011/\t/g

or

SEDCMD-fix_tab = s/#011/\\t/g

or

SEDCMD-fix_tab = s/#011/\x09/g

The char #011 is replaced by the literal string '\t', '\t', or '\x09' and not with the= tab character. I've even tested this successfully using the sed -r equivalent on the CLI

Any help is appreciated. Thanks

_d_ · ‎08-25-2012

This should work:

SEDCMD-fix_tab = s/#011/ /g

The space before the "/g" is an actual/literal tab. (ie., hit TAB button on your keyboard)

Hope this helps,

d.

View solution in original post

_d_ · ‎08-25-2012

This should work:

SEDCMD-fix_tab = s/#011/ /g

The space before the "/g" is an actual/literal tab. (ie., hit TAB button on your keyboard)

Hope this helps,

d.

_d_ · ‎08-25-2012

Glad that you made it work. Also, note that the replaced field is not a regex. The correct syntax is:

s/regex/replacement/flags

wsweat · ‎08-25-2012

Thanks, that's what I decided to do and it seemed to work. It just looked odd as I'm used to using character sequences, like '\t', to indicate a tab; and the assumption that this field would be regex (pcre) compliant as well.

SEDCMD tab insert

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor