Hello, I'm fairly new using Splunk and I'm trying to determine which command would be best to extract and insert data from the ap_name column into the space_id column I made using the following eval command:
| inputlookup <lookup value> | search ap_name=* | eval space_id = building_num + "-" + room
The first hyphen within the AP name indicates the floor number the AP is on. The hurdles I'm experiencing are the following:
- Extract and insert ONLY the first number(s) after the first hyphen within the AP name
- If the floor number is between 0 - 9 inserting a "0" to the space ID result
I'm also unsure if it would be easier to make another eval column using the extraction for the floor number, then add the new value into the space_id. Any assistance and/or guidance on this is greatly appreciated!
| ap_group | ap_latitude | ap_longitude | ap_name | building_num | install_status | location | model_id | room | space_id |
| test1 | 123123 | 234234 | sample-14-4 | 0272 | In use | Sample Tower (0272 | 315 | 1434 | 0272-1434 |
| test2 | 345345 | 456456 | sample2-1-19 | 1110 | In use | Sample Two House (1110) | 315 | 160 | 1110-160 |
| test3 | 567567 | 678678 | sample3-10-9 | 0189 | In use | Sample Three Tower (0189) | 315 | 1007 | 0189-1007 |
