- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to change format and then insert+combine them
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
Could anyone help me out?
I have a DoB string with the following format dob='2002-01-03'
I would like to format this string to look like this: 020103
And then i would like to insert this data into an other sting after the 1st number which looks like this: data='1384198'
So in the end i would get data2='1020103384198'
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@prot3ctor ,
Try
"Your search with fields dob,data"
|eval newString=strftime(strptime(dob,"%Y-%m-%d"),"%y%m%d")
|rex field=data "(?<_f>.)"|eval newString=replace(data,"^.",_f.newString)
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Like this:
| makeresults
| eval dob="2002-01-03", data="1384198"
| rename COMMENT AS "Everything above generates sample event data; everything below is your solution"
| eval data2 = substr(data, 1, 1). replace(dob, "^..|-", "") . substr(data, 2)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It wasnt working for me at 1st cause i had to strip the single quotes from data first. Then i managed to get it to work
Thanks a lot 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@prot3ctor ,
Try
"Your search with fields dob,data"
|eval newString=strftime(strptime(dob,"%Y-%m-%d"),"%y%m%d")
|rex field=data "(?<_f>.)"|eval newString=replace(data,"^.",_f.newString)
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It wasnt working for me at 1st cause i had to strip the single quotes from data first. Then i managed to get it to work
Thanks a lot 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. So this only puts the 2 strings next to each other. Is there a way to insert 1 string after the 1st character of the 2nd string?
Example:
dob=861010
ssn=123456
So in the end i would get a value what looks like this: 186101023456
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@prot3ctor ,
This is what I tried with the strings you provided
|makeresults|eval dob="2002-01-03",data="1384198"
|eval newString=strftime(strptime(dob,"%Y-%m-%d"),"%y%m%d")
|rex field=data "(?<_f>.)"|eval newString=replace(data,"^.",_f.newString)
and the result is 1020103384198
dob="2002-01-03" => 020103
date = 1384198
Result = 1 020103 384198
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will try. Thanks 🙂
Enter the Splunk Community Dashboard Challenge for Your Chance to Win!
.conf24 | Session Scheduler is Live!!
Introducing the Splunk Community Dashboard Challenge!
