Splunk Search

How do I break apart a field with numeric ranges?

CoryASE
Engager

I have a field that I want to break out, something like value [0760-0780] so I can run calculations on those fields. The ranges can be massive, so using a traditional lookup isn't really ideal.

I can't seem to find a logical way to do this, any suggestions are welcome.

Tags (2)
0 Karma

CoryASE
Engager

So i was able to break out the values so they are just ranges 01-10. Just unsure how to actually map that to values now. Maybe I'll try a lookup, as it looks like it only goes to 1024, but that seems cumbersome.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...