Solved: How to assign field name area_code to first 3 digi... - Splunk Community

Splunk Search

My voip logs have a format of xxxxxxxxxx 10 digit number.

Two questions:

How do I assign a field name of "area_code" to the first 3 digits of the number?

How do I do a geolocate on the area_code?

Thanks in advance for your help

1 Solution

Solution

For first one you can use calculated fields.
http://docs.splunk.com/Documentation/Splunk/6.1.2/Knowledge/definecalcfields

May be this one for the second

http://apps.splunk.com/app/1515/

View solution in original post

Solution

For first one you can use calculated fields.
http://docs.splunk.com/Documentation/Splunk/6.1.2/Knowledge/definecalcfields

May be this one for the second

http://apps.splunk.com/app/1515/

Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...