Splunk Search

Combine a numerical field with a string field separated with a dash

subhrangshu
Explorer

Hello,

I am trying to combine couple of fields data separated by a dash. Tried few options but could not get the expected output.

My query is:

index=test sourcetype="test-abc"  ("enter start()")
| rename job_id as JOB_ID
| stats earliest(_time) AS Earliest by JOB_ID
| eval FirstEvent=strftime(Earliest,"%b %d, %Y %H:%M:%S")
| eval JOB_ID_STR=tostring(JOB_ID)
| eval JOB-ID-WITH-TIME=printf("%s%z", JOB_ID_STR,FirstEvent)

In the above query: JOB_ID is a numerical data of length 4 digit. FirstEvent is string of time format of that event.

Ex:

JOB_ID = 9000 and FirstEvent = Jul 07, 2020 04:56:43

Using the above query and with printf function,  JOB-ID-WITH-TIME is returned as 9000Jul 07, 2020 04:56:43. 

I want the output to be like 9000-Jul 07, 2020 04:56:43 (a dash between JOB_ID and FirstEvent).

How to do it?

Thanks in advance for your time!

Labels (1)
0 Karma
1 Solution

diogofgm
SplunkTrust
SplunkTrust

You can just use eval for that:

JOB_ID = 9000 and FirstEvent = Jul 07, 2020 04:56:43

| eval job_with_time = JOB_ID + "-" + FirstEvent

------------
Hope I was able to help you. If so, some karma would be appreciated.

View solution in original post

Tags (1)

diogofgm
SplunkTrust
SplunkTrust

You can just use eval for that:

JOB_ID = 9000 and FirstEvent = Jul 07, 2020 04:56:43

| eval job_with_time = JOB_ID + "-" + FirstEvent

------------
Hope I was able to help you. If so, some karma would be appreciated.
Tags (1)

subhrangshu
Explorer

Thanks for the prompt reply. I don't know, how I missed this. Thanks again 😃

0 Karma
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...