- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Automatically capitalize the first letter of every...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Automatically capitalize the first letter of every word that follows a period?
I am looking for the proper SPL to capitalize the first letter of every word that follows a period. I have tried several different ways using the eval/upper command. But can't quite get it right. Any help would be appreciated.
Thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How about this SPL leveraging sed-mode of rex...
| makeresults | eval str="The foo is bar. baz is fine. what?"
| rex mode=sed field=str "s/\.( +)([a-z])/. \1__\2__/g s/__a__/A/g s/__b__/B/g s/__c__/C/g s/__d__/D/g s/__e__/E/g s/__f__/F/g s/__g__/G/g s/__h__/H/g s/__i__/I/g s/__j__/J/g s/__k__/K/g s/__l__/L/g s/__m__/M/g s/__n__/N/g s/__o__/O/g s/__p__/P/g s/__q__/Q/g s/__r__/R/g s/__s__/S/g s/__t__/T/g s/__u__/U/g s/__v__/V/g s/__w__/W/g s/__x__/X/g s/__y__/Y/g s/__z__/Z/g"
Ugly, but effective. I use a variant (that doesn't require a period) to capitalize every word in a fragment for display in a table.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi rogue670,
if you have something like " 2017-09-22 09.09.09 this is a test to take the first letter after a period a12345 " and I want to find the " a " letter after the period " after a period " you can use rex command:
your_search
| rex "after a period (?<letter>\w)"
| ...
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I downvoted this post because the question was about capitalizing first letters.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@rogue670, Can you add some sample events?
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@rogue670, while this question depends on what data you have, following is a roundabout way for replacing first character of every line to upper case. Due to a limit of 100 events by list() argument for stats command, each one of your event should have maximum 100 lines.
| makeresults
| eval raw="this is a test string. it has characters after period in lower case.pick up first character after period and convert to upper case.test complete."
| makemv delim="." raw
| mvexpand raw
| eval raw=trim(raw)
| eval raw = upper(substr(raw,1,1)).substr(raw,2)."."
| stats list(raw) as raw
| nomv raw
PS: There could be easier more direct approach using rex with sed. However, while I was able to pin point first character of every line which was lower case, I was not able to replace the same with upper case.
| makeresults | eval message= "Happy Splunking!!!"
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
