Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a field from another field?

lys1030
Explorer
‎07-16-2015 04:33 PM

I have a field "F1" with values as following:
alt text
I want to add a filed "F2" with value 'a' to all 'a*', with value 'b' to all 'b*'.
alt text
What should I do?
Thanks in advance!

Tags (1)
Preview file
9 KB
Preview file
9 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎07-16-2015 04:38 PM

Hi lys1030,

try this little regex:

your base search here | rex field=F1 "(?<F2>[a-zA-Z])" | table F1 F2

Hope this helps ...

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎07-16-2015 04:41 PM

Like this:

| eval F1 = substr(F2,1,1)
Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎07-16-2015 04:38 PM

Hi lys1030,

try this little regex:

your base search here | rex field=F1 "(?<F2>[a-zA-Z])" | table F1 F2

Hope this helps ...

cheers, MuS

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...