How to concatenate strings with unicode character?

junlozhang · ‎05-08-2021

I want to concatenate strings with special characters like "\t" and Unicode char "\u0006"

I tried

| makeresults 
| eval str="a"."\t"."b"

And got

a\tb

But what I want is

a  b

Also, I tried

| makeresults 
| eval str="a"."\u0006"."b"

And got

a\u0006b

What should I do?

kamlesh_vaghela · ‎05-08-2021

@junlozhang

Can you please share your use case where and how you want to use? Just for trial I draft search in sublime using tab key and executed. If you have specific use case then please share.

| makeresults 
| eval str="a"."	"."b"

junlozhang · ‎05-09-2021

@kamlesh_vaghela

Thanks for the solution about "\t". And what about Unicode character? Does it mean there is no way to concatenate a Unicode character and a string?

Well, the reason I want to do this is that our log system has just switched to Splunk recently, and in order to make as least change as possible to the code of current downstream service, I'm trying to make the data fetched from Splunk has the same schema as the old log system (some fields in Splunk used to be separated by special character "\t" or Unicode character "\u0006")

How to concatenate strings with unicode character?

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?