Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to manipulate field values in raw log?

super_saiyan
Communicator
‎10-17-2022 06:09 AM

How do i replace the Hyphen with dot.

For example i have a field call IP and the value are 10-20-11-120 but i want to convert this to 10.20.11.120.

I have tried the | rex mode=sed but it's only replacing the first hyphen with dot. Please refer to my below SPL

SPL

| makeresults | eval IP="10-20-11-120"
| rex mode=sed field=IP "s/-/./"

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-17-2022 06:44 AM 
| rex mode=sed field=IP "s/-/./g"

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-17-2022 06:44 AM 
| rex mode=sed field=IP "s/-/./g"
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎10-17-2022 06:43 AM

Make the SED operation repeat by using the 'g' flag.

| makeresults | eval IP="10-20-11-120"
| rex mode=sed field=IP "s/-/./g"
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top