Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Splunk Lastname firstname formating

arunsundarm
Engager
โ€Ž07-16-2019 06:31 AM

I am using this query to fetch current logged in user "|rest splunk_server=local /services/authentication/current-context | fields realname"
It displays real name as Lastname, Firstname
Now i want a nother field with value "Firstname Lastname" format

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
โ€Ž07-16-2019 07:57 AM

Try rex.

... | eval name=realname | rex field=name mode=sed "s/([^,]+), (.*)/\2 \1/"
---
If this reply helps you, an upvote would be appreciated.
Reply

Nextbeat
Path Finder
โ€Ž04-14-2020 09:39 AM

Thanks for reminding me that Sed can do this, but was originally curious about the eval way.

0 Karma
Reply

to4kawa
Ultra Champion
โ€Ž04-15-2020 03:21 AM 
... | eval name=mvindex(split(realname,","),1).",".mvindex(split(realname,","),0)
0 Karma
Reply