Solved: Adding delimiter to a field values

Laxman24 · ‎10-28-2020

Hi all,

I need some help in creating a new field,

I have a field like following

Field 1

AABBCCDDEEFF

AAAABBBBCCCC

Id like to make a new field and the values become :

AA-BB-CC-DD-EE-FF

AA-AA-BB-BB-CC-CC

could someone help me with this?

Thanks in advance!

ITWhisperer · ‎10-28-2020

| rex mode=sed "s/(?<pair>\w{2})/\1-/g s/-$//g"

View solution in original post

ITWhisperer · ‎10-28-2020

| rex mode=sed "s/(?<pair>\w{2})/\1-/g s/-$//g"

ayushisrivastav · ‎03-02-2023

Hi @ITWhisperer ,

please can you explain me the regular expression which you have written to fulfil the request.

ITWhisperer · ‎03-02-2023

Firstly, rex is put into stream-edit (sed) mode.

The regular expression is in two parts (separated by a space)

Secondly, the first sed expression means substitute (s) the captured group (?<pair>\w{2}) of 2 word-characters with the first captured group (\1) followed by a hyphen (1) done globally (g) through the field.

Thirdly, the second sed expression means substitute (s) the hyphen (-) at the end ($) for nothing i.e. remove it.

Laxman24 · ‎10-28-2020

Thank you!!!! 🙂 it works

Adding delimiter to a field values

eval

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation